Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“Processing personal data is in the business model of many Big Tech companies. But going before the Court of Justice is maybe in the business model of Mr Schrems.”
– Didier Reynders, European Commissioner for Justice
Story of the week: The Commission published its draft adequacy decision on the EU-US Data Privacy Framework on Tuesday, formally recognising the commitments of the Biden administration as satisfactory. The draft decision will now go to the European Data Protection Board, which usually has a month to issue a non-binding opinion. Before formal adoption, which the Commission hopes to achieve by the summer, the decision will go through the obscure EU Council’s comitology. Max Schrems, who already in November told EURACTIV that we are up for a third round, accused the EU executive of disregarding fundamental rights by always ignoring the same issues. In turn, Justice Commissioner Didier Reynders challenged him to try the new redress mechanism before attempting to shoot the whole system down again. Read more.
Don’t miss: Don’t expect digital files to be a massive priority for the Swedish presidency. To keep in mind: Sweden is currently led by a minority government with the backing of the far-right, meaning that if things get sour with the United States, the presidency might be in a tough spot to maintain its traditional free-trade position. The Health Data Space, Media Freedom Act, Chips Act, and CSAM proposals are among the top priorities on the digital front. The timing is also not the best, as the European Parliament is still finalising its position on the AI Act, eIDs and political advertising. In its programme, the only concrete objective of digital policies is to obtain a general approach to the Data Act, which the Czechs have already largely prepared. Read more.
Also this week:
- MEPs discussed high-risk categorisation and general-purpose AI.
- The Czech presidency circulated its last compromise on the Data Act.
- The Commission published its draft implementing act on the DMA.
- EU lawmakers adopted a mandate on the platform workers directive.
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
This episode is powered by Google
Explore the new Consumer Digital Empowerment Index
The Consumer Digital Empowerment Index – a new study supported by Euroconsumers and Google – offers insights into how digital services empower consumers in different areas of their daily lives. Explore the data to discover the key insights.
Continue Reading >>
Batch 10. A new set of compromise amendments to the AI Act has been circulated in the European Parliament. The most significant proposal consists in introducing a new layer based on which use cases listed in Annex III would fall under the high-risk category based on the type of data being used and potential impact. In addition, general-purpose AI has been excluded pending future discussions. The leading MEPs also proposed allowing the Commission to add and remove new high-risk areas and categories. Read more.
Ongoing discussions. However, batch 10 was not met with great favour at a technical meeting on Tuesday, with the ‘extra layer’ conditions set for hefty redrafting. At a shadow meeting on Wednesday, a preliminary discussion on general purpose and open-source AI was held. In this case, the co-rapporteurs wanted to understand where the different groups stood before proposing a compromise text. On data governance, an agreement was reached to delete the provision that would have allowed high-risk AI providers to process sensitive data to detect biases. There also seems to be a majority for extending the transparency register for public entity users.
Regulating gatekeeper AI. The DMA, rather than the AI Act, may be home to some of the most far-reaching rules governing AI applications and data, according to new research by Cornell University. The researchers have also developed a new algorithm to mitigate bias in AI systems and allow conscious trade-offs on different non-discrimination criteria relevant to areas like the DMA and credit scoring.
Research with no boundaries. The global volume of AI and data science research is growing annually. Still, many see the existing mechanisms for evaluating its ethical and societal implications as insufficient, according to a new report by the Ada Lovelace Institute.
Unbundling concessions. Microsoft has reportedly offered preliminary concessions to the Commission in the Slack vs Teams antitrust standoff. The move is an attempt to stave off a further investigation into Slack’s 2021 complaint that Microsoft unfairly bundled its Teams app into its Office package.
New S&D shadows. Following Eva Kaili’s fall from grace, the Socialists & Democrats had to reassign her files in ITRE. The Cyber Resilience Act was assigned to Beatrice Covassi, who has recently joined the European Parliament. Miapetra Kumpula-Natri will take over the file on cybersecurity for EU institutions and bodies.
Cyber dialogue. This week, an EU-US cyber dialogue took place in a purely physical format in Washington. Member states’ embassies were invited to attend.
Data & Privacy
Czechia’s final tweaks. In a last compromise, the Czech presidency made its final changes to the Data Act before handing the file to Sweden. The focus was on multi-cloud and egress fees, two much-discussed concepts that were not well addressed in the original proposal. On interoperability, the text opened the door to adding non-European standards to the EU repository. In terms of data in scope, the latest compromise covers “data generated by the use of a product or related service”, the presidency explained in a presentation on Tuesday, seen by EURACTIV.
Compensation parameters. Last Friday, the Commission quietly published a study on the criteria for assessing ‘reasonable compensation’ in the case of statutory data access right under the Data Act. The study points to parameters on how to calculate technical and administrative costs. Moreover, the authors also include the possibility for the data holder to make a margin, setting out some recommendations on the so-called ‘plus’ element. The study is likely to influence the final text.
On Reynders’ mind. In last week’s interview with EURACTIV, EU justice chief Reynders clarified that harmonising procedural laws for data protection investigations will only concern cross-border cases – probably due to the legal basis. At the same time, Reynders proposed the idea of a Data Protection Scoreboard, compiling comparable statistics from all the DPAs to assess their performance, following the model of the EU Justice Scoreboard.
B2G framework. The OECD published its B2G data access declaration on Wednesday, setting out a series of principles for (democratic) government access to personal data held by private actors. According to Politico, the United States tried to include wording that would have refrained countries from interrupting data transfers based on the country of destination’s surveillance regime, an attempt the EU managed to oppose.
Fine suggested. The advisor to France’s DPA, CNIL, proposed a €6 million fine against Apple after a complaint was made by the trade association France Digitale last year that its iOS 14 software falls short in seeking users’ consent for ad targeting.
Next year lookout. 2023 is set to be a turbulent year in data privacy, according to a new report by the International Association of Privacy Professionals, with more active enforcement from Brussels and more regulatory action in the US set to continue, along with tensions over budgets and the role of Data Protection Officers.
Digital Markets Act
Time to speak up. The consultation on the DMA’s implementing acts is now open, with the Commission accepting feedback until early January. Amongst the key areas to be covered are notification mechanisms, time limitations and the right to be heard. Designation of core platform service status is also set to be a crucial point of focus, signalling that this might be the first area of litigation. At the same time, the gatekeepers’ ability to contest a designation of a core platform service has been dramatically limited to a 25-page annexe.
Digital Services Act
Mind the (digital) single market. Last week, the European Commission gave a presentation, obtained by EURACTIV, to the Internal Market WP on the preparations for the DSA. Although broadly similar to the one provided in October to the eCommerce Expert Group, in this case, the EU executive insisted on the legislation’s harmonising role and warned against national legislation (read French) to tackle illegal content. Paris will implement the DMA and DSA in a single legislation. Still, some EU countries are concerned the French are trying to give more powers to their national authorities to favour domestic legislation over the DSA or other EU laws. Another point for discussion was the risk of undermining the DSA’s core principles like general monitoring with new legislation, as was the case with the General Product Safety Regulation. Meanwhile, most member states still have to appoint their Digital Services Coordinator, and an internal consultation is ongoing.
Don’t ignore us. The Dutch government’s support for the general approach to the European Digital Identity prompted a backlash in the Netherlands, as national lawmakers asked for a non-digital alternative that was not part of the deal.
See you in Strasbourg? MEPs approved the compromise text on the platform workers’ directive this week. The final deal stood: the rapporteur Gualmini obtained the removal of the criteria from the body of the text, whilst the part on algorithmic management remained limited to platform work. As the committee adopted a mandate to initiate trilogue negotiations, the text is expected to be announced at the next part-time plenary session on 26 January. On that day, 71 MEPs will have the possibility to request a plenary vote on the mandate. If the mandate is rejected, alternative amendments could be tabled likely at the plenary in mid-February.
It’s all about timing. Speaking to EURACTIV, Commissioner Nicolas Schmit made no secret that he did not like the direction the file took under the Czech presidency. But the Swedes are more or less on the same line and will try to conclude the trilogue negotiations. By contrast, the Parliament’s rapporteur will be tempted to buy time, waiting for ideologically-akin Spanish presidency.
STR – what’s next? The short-term rental proposal is only briefly mentioned in the Swedish presidency’s programme, but January and February are already packed with technical meetings, EURACTIV has learned. In IMCO, most political groups still have to designate who will follow the file, except for Kim van Sparrentak for the Greens, who is trying to obtain the lead. However, the file will be part of a broader deal inside the committee that will likely include forced labour, the Single Market Emergency Instrument and the Right to Repair.
Chips Act update. The work on the Chips Act is ongoing in ITRE, with the last technical meeting taking place on Monday next week to discuss the emergency measures (Pillar III). On this part, the text has been moving in a similar direction compared to the EU Council, with extra safeguards and heavy member states’ involvement. Similarly, the question of geographical balance was dealt with some generic spill-over effects. The pillars the Chips Initiative and security of supply are also still open, in particular on the procedure for fast-tracking permits where some lawmakers want to raise a political discussion on the environmental impact. The question of IP rights is also not settled, with JURI trying to introduce new definitions, for instance on open source. The main distance with the Council will primarily be on the budget and the consortia (ECICs), as MEPs want to include specific targets to receive public funding that are normally unpopular among national governments.
What attracts mega fabs. Favourable locations, renewable energy and political stability are all part of Germany’s attractiveness for chip production, Saxony-Anhalt’s state minister for economic affairs told EURACTIV this week. However, it is hard to imagine Intel would have committed to open two mega fabs in Magdeburg without the €6 billion of state aid from the German government, together with another half a billion of State infrastructural investments. Concentration is the key word for chipmaking, as Saxony-Anhalt is now in talks with other potential investors. Read more.
State aid boost. The proposal for the European Sovereignty Fund is set to be presented next summer, in a European response to the IRA – which for all the nice talks, Washington is not intending to change. Money, as usual, will be the critical question. France wants more common debt, which is hard to digest for Germany. Berlin has shown more appetite for national investments, which would put further pressure on the single market and leave smaller countries out in the cold. Read more.
Microsoft’s data localisation. Microsoft is poised to begin a phased rollout of its EU Data Boundary, designed to provide EU and EFTA public sector and commercial cloud service customers with the ability to store and process all their data within the EU. The deployment will start on 1 January.
Data policy needed. Just 31% of companies in Germany’s industrial and industry-related service provider sectors are operating in a way which empowers them in the data economy, according to a study by the Institut der Deutschen Wirtschaft, calling for an SME-focused data policy.
Investment tracker. The German Marshall Fund has created a centralised database for tracking and comparing investments in semiconductors in both the EU and US.
Trilogues incoming. The LIBE committee this week approved an updated negotiating mandate on the EURODAC regulation, covering the EU’s fingerprint database for asylum seekers, opening the door to trilogues. However, the report goes against the views of several NGOs and the EDPS, which urged to reject the expansion of the database to law enforcement and facial images.
Let’s say it again. The German coalition government is united against ‘child control’, the depreciative term for the EU’s proposal to fight Child Sexual Abuse Material. That is what Federal Justice Minister Marco Buschmann felt the need to repeat after speaking with Interior Minister Nancy Faeser on Thursday. The two have previously clashed on the issue of data retention.
Another negative record. The number of journalists detained around the world reached a record level this year, and the number of those killed is also on the rise after a few years of decrease, according to a new report by Reporters Without Borders (RSF), released this week. Read more.
Take them down. Three Russian TV channels, deemed to show Kremlin propaganda, will be taken off air in France after broadcasting regulator Arcom urged satellite company Eutelsat to cease hosting them. Read more.
EDMO phase 2. The European Digital Media Observatory (EDMO), which monitors disinformation in Europe, is entering its second phase, with new projects including fact-checking, research and fulfilling the commitments of the EU’s Code of Practice on Disinformation.
Going local. Last Friday, the Commission launched a €2 million project to support local media in the so-called ‘news deserts’.
Musk’s freedom of speech. Several prominent journalists, including those from CNN and the Washington Post, who had reported on Twitter and its CEO Elon Musk, had their accounts suspended after Musk warned against publishing personal information from his private jet on the platform. Also suspended was the account of Mastodon, the social network initially seen as a potential alternative to Twitter post-Musk takeover. Read more.
Speaking of dark patterns. Following last week’s interview with Reynders, EURACTIV has learned that IMCO will also deliver a resolution on ‘Addictive design of online services’. The Greens requested their own-initiative report and received support from most groups. Again, the move can be seen as positioning ahead of a legislative initiative. The rapporteur is still to be decided, so the work will not start until January.
Believe it or not. Meta is being increasingly open with its Oversight Board and implementing more of its recommendations, according to the body’s Q3 transparency report.
Liability package deal. IMCO, led by Renew MEP Vlad-Marius Botos, contested JURI’s lead on the Product Liability Directive. The AI Liability Directive has proved less problematic, with a request for shared competencies from IMCO (i.e. DSA interlink) and LIBE (i.e. law enforcement) that JURI seems open to settling relatively quickly. However, the Conference of Committee Chairs is looking at the two files as a ‘package’, meaning that work on the AILD will not start until a solution on the PLD has been found, which might drag on until February or March. That is not necessarily bad news, as the lawmakers working on the two files will at least have the Parliament’s position on the AI Act by then, although fundamental elements like the AI definition will remain a moving target until a trilogue agreement is reached.
Research & Innovation
R&D picks up. Research and Development investment in Europe is back on track after a pandemic-induced decline, increasing by 8.9% in 2021 after a 2.2% fall in 2020. Private sector investment has grown strongly, and the EU continues to lead in the automotive sector.
New timeline, new rebranding. The public consultation on the senders-pay initiative (aka fair share) is now expected for mid-January, together with the publication of the Broadband Cost Reduction Directive, rebranded Gigabit Infrastructure Act (GIA). The consultation will actually be a broader exercise on the future of the telecom sector, including looking at the metaverse. EURACTIV understands there will not be a separate questionnaire.
State aid rules revised. The further postponement of the now GIA is the reason why the Commission updated its Broadband Guidelines this week. The revision of the state aid rules for supporting the roll-out and take-up of broadband networks across member states was expected to go out as part of a ‘broadband package’.
More export restrictions. Japan and the Netherlands joined talks with the US this week to discuss tightening controls on the export of chipmaking equipment to China as part of Washington’s broader aim of restricting Beijing’s access to advanced semiconductors made with US technology. According to Bloomberg, both Tokyo and the Hague agreed in principle to back the US in strengthening export controls.
Smart cities inclusion. Many have promoted smart cities as a way of building more sustainable, efficient urban areas and increasing the well-being of individual citizens. But this transition must be carefully managed to reduce digital divides rather than exacerbate them. Read more.
Don’t forget rural areas. Collaboration, public policy and funding on all levels will be vital to advancing the EU’s plan for developing smart villages in rural areas, MEP Franc Bogovič told EURACTIV this week. Read more.
What else we’re reading this week:
To crack down on dark patterns, European Commission needs design researchers (EURACTIV)
Is becoming a ‘prompt engineer’ the way to save your job from AI? (FT)
The viral AI avatar app Lensa undressed me—without my consent (MIT Technology Review)
An Alternate Reality: How Russia’s State TV Spins the Ukraine War (The New York Times)
[Edited by Alice Taylor]