Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The Commission is using all tools at its disposal to fight unfair tax practices.”
– Executive Vice-President Margrethe Vestager
Story of the week: The European Commission suffered another major defeat in its antitrust charges against Big Tech. The General Court of the European Union has dismissed the case against Amazon, which the EU executive accused of having received a special tax treatment from Luxembourg. The verdict is similar to another major antitrust case that concerned Apple and the Republic of Ireland. In both cases the court ruled that the Commission did not provide a sufficient legal basis for proving that the tax deal could be considered as state aid. The result of these legal proceedings raises doubts about whether the Commission’s antitrust investigations have teeth, and falls within a broader discussion on taxing web services. Listen to the podcast for more.
Don’t miss: A working document leaked to EURACTIV illustrates how the European Commission is pitching the disinformation measures of the Digital Services Act (DSA) to national governments. The presentation’s intent seems to reassure those member states that requested strong provisions for moderating online content. The draft law requires companies to ensure the transparency of advertisements and define risk-mitigating measures that will be externally reviewed and audited. Special provisions are included for very large online platforms, as their risk level is considered “systemic”. Read more.
Also this week: international data flows, China’s new privacy framework, cyber disruption, and much more…
A message from FACEBOOK:
Working together to reduce COVID-19 misinformation
We’re collaborating with European governments and charities to support the pandemic response and limit the spread of misinformation.
One way: We teamed up with fact-checkers to develop multilingual media literacy campaigns that reached millions in the UK.
Learn more about our European partnerships.
Data & privacy
Keep the flow going. Following the Schrems II ruling, there has been a great deal of uncertainty around data flows between Europe and the rest of the world. For data to flow freely, the third country needs to be deemed as providing an adequate level of data protection by GDPR standards. In countries where data protection is not considered adequate, data processors need either to put extra measures in place or stop the data transfer completely. A recent decision of the Portuguese Data Protection Authority shows how a strict interpretation might hamper data transfers with third countries, which might result in disruption of international trade and create barriers for new technologies. Ahead of next month’s summit, Europe has been working on an agreement with the United States, in the hope that there won’t be a Schrems III. Read more.
Speaking of uncertainty. The European Parliament’s Civil Liberties Committee (LIBE) has urged the Commission to revise its UK adequacy decision. While admitting that the UK data protection law provides legal guarantees similar to GDPR, MEPs have raised concerns over the “broad exemptions” UK law allows for matters of national security and immigration. Another point contested by lawmakers is the possibility for outward transfers, notably towards the United States, which would make the UK effectively a loophole for transferring data from the EU to countries without adequate privacy laws. Trade associations have expressed disappointment over LIBE’s position, saying the ruling could disrupt trade with a major trading partner and that the EU-UK adequacy decision could actually provide a benchmark for future data transfer provisions. The decision will be put to a plenary vote on 20 May.
Meanwhile in Beijing. China has been developing its own vision of data governance. However, the recently published second draft of the Personal Information Protection Law (PIPL) suggests the Asian giant might be taking data protection more seriously. The move has also been interpreted as an attempt to reassert control over tech companies like Alibaba, reportedly considered too powerful by the Chinese government. Nonetheless, if approved, the new privacy framework will limit data processing also for public authorities. Although broadly inspired by GDPR, experts warn that the public security measures in PIPL would make it hard for Europe to consider the regulation “adequate”. Read more.
Not on my watch. Germany’s Data Protection Authority (DPA) has requested Facebook to stop the processing of personal data from its leading messaging service WhatsApp. The regulator launched an emergency investigation last month, when WhatsApp requested users to accept the new terms of service or stop using the app. This mandatory update was considered a “black-box procedure” that did not allow for an informed opt-in. The Hamburg-based DPA also mentioned security concerns ahead of September’s German election. The freeze will last up to three months thanks to the emergency provisions of GDPR, and might lead to a EU-wide ruling if approved by the European Data Protection Board. This is not by any means the first time German authorities have challenged Facebook on privacy concerns.
Don’t slapp. The European Parliament’s committees for legal affairs (JURI) and civil liberties (LIBE) have decided to join forces for an initiative promoting media freedom. The two committees will prepare a joint report on countering Strategic Lawsuits Against Public Participation (SLAPPs), an all-too-common technique used by wealthy corporations or individuals to intimidate journalists. The report calls for a European directive to establish EU-wide standards, as well as a fund for journalists who are being legally harassed. It also recommends measures be established for cutting these legal proceedings short and sanctions against those found to be abusing defamation laws. Read more.
Italy’s fine for Google. The Italian antitrust watchdog (AGCM) has fined Google more than €100 million. The complaint was filed by energy company Enel X, which accused Google of hampering the interoperability of its app Juicepass with Android Auto, in order to favour Google Maps. Google has a dominant position on the Italian mobile market, as three quarters of the devices use Android. AGCM also raised concerns that by restricting access to Android Auto, Google could influence the electrical mobility market in a critical moment for its start.
Colonial Pipeline DarkSide attack. The biggest gasoline pipeline in the United States was shut down for almost a week following a cyberattack that took place on 7 May. The hacker group DarkSide is believed to have been behind the attack, which resulted in major fuel shortages across the Eastern Seaboard. Bloomberg reported that the company Colonial Pipeline paid almost $5 million in ransom to restore operations. The attack showed once again the vulnerability of the United States to cyberattacks, with the government now working on a directive aimed at improving cybersecurity standards.
On the rise. The US is not the only country facing cyberattacks. German authorities have reported that cybercrime rose by 8% in 2020, while 2019 also saw a 15% growth rate. More than two thirds of the crimes remain unsolved. Large German companies have been badly hit, usually with ransomware software. Berlin has recently approved the IT Security Act 2.0, extending cybersecurity standards and obligations to strategic companies. The new law also broadened the mandate of the Federal Office for Information Security (BSI). Read more.
India’s trials, without China. New Dehli’s Department of Telecommunications has given several telecom operators permissions for a six-month trial for developing 5G operations. The companies providing technological equipment include Ericsson, Nokia, and Samsung. Chinese tech companies Huawei and ZTE have been excluded from the trials, a decision that follows a similar policy to that of several European countries, the UK and the US. India has established its own 5G standards (5Gi), a move that has been criticised by private operators who say it risks creating a closed telecom ecosystem.
What else I’m reading this week:
- The Brookings Institute published an analysis comparing the Artificial Intelligence plans across 34 countries.
- US Senator Ron Wyden has accused the Department of Defence (a.k.a. the Pentagon) of surveiling American citizens without a warrant.
- Opensignal published an analysis on the top 10 cities for 5G speed.
[Edited by Josie Le Blond]