Europe plans a Chips Act to boost semiconductor sovereignty

The EU will use legislation to push for greater resilience and sovereignty in regional semiconductor supply chains.

The bloc’s president trailed a forthcoming ‘European Chips Act’ in a state of the union speech today. Ursula von der Leyen suggested that gaining greater autonomy in chipmaking is now a key component of the EU’s overarching digital strategy.

She flagged the global shortage of semiconductors, which has led to slow downs in production for a range of products that rely on chips to drive data processing — from cars and trains to smartphones and other consumer electronics — as driving EU lawmakers’ concern about European capacity in this area.

“There is no digital without chips,” said von der Leyen. “While we speak, whole production lines are already working at reduced speed — despite growing demand — because of a shortage of semi-conductors.

“But while global demand has exploded, Europe’s share across the entire value chain, from design to manufacturing capacity has shrunk. We depend on state-of-the-art chips manufactured in Asia. So this is not just a matter of our competitiveness. This is also a matter of tech sovereignty. So let’s put all of our focus on it.”

The Chips Act will aim to link together the EU’s semiconductor research, design and testing capacities, she said, calling for “coordination” between EU and national investments in this area to help boost the bloc’s self-sufficiency.

“The aim is to jointly create a state-of-the-art European chip ecosystem, including production. That ensures our security of supply and will develop new markets for ground-breaking European tech,” she added.

The EU president couched the ambition for bolstering European chip capacity as a “daunting task” but likened the mission to what the bloc did with its Galileo satellite navigation system two decades ago.

“Today European satellites provide the navigation system for more than 2 billion smartphones worldwide. We are world leaders. So let’s be bold again, this time with semi-conductors.”

In follow up remarks, the EU’s internal market commissioner, Thierry Breton, put a little more meat on the bones of the legislative plan — saying the Commission wants to integrate Member State efforts into a “coherent” pan-EU semiconductor strategy and also create a framework “to avoid a race to national public subsidies fragmenting the single market”.

The aim will be to “set conditions to protect European interests and place Europe firmly in the global geopolitical landscape”, he added.

Per Breton, the Chip Act will comprise three elements: Firstly, a semiconductor research strategy that will aim to build on work being done by institutions such as IMEC in Belgium, LETI/CEA in France and Fraunhofer in Germany.

“Building on the existing research partnership (the KDT Joint Undertaking), we need to up our game, and design a strategy to push the research ambitions of Europe to the next level while preserving our strategic interests,” he noted.

The second component will consist of a collective plan to boost European chipmaking capacity.

He said the planned legislation will aim to support chip supply chain monitoring and resilience across design, production, packaging, equipment and suppliers (e.g. producers of wafers).

The goal will be to support the development of European “mega fabs” that are able to produce high volumes of the most advanced (towards 2nm and below) and energy-efficient semiconductors.

However the EU isn’t planning for a future when it can make all the chips it needs itself.

The last plank of the European Chip Act will set out a framework for international co-operation and partnership.

“The idea is not to produce everything on our own here in Europe. In addition to making our local production more resilient, we need to design a strategy to diversify our supply chains in order to decrease over-dependence on a single country or region,” Breton went on. “And while the EU aims to remain the top global destination of foreign investment and we welcome foreign investment to help increase our production capacity especially in high-end technology, through the European Chips Act we will also put the right conditions in place to preserve Europe’s security of supply.”

“The US are now discussing a massive investment under the American Chips Act designed to finance the creation of an American research centre and to help open up advanced production factories. The objective is clear: to increase the resilience of US semiconductor supply chains,” he added.

“Taiwan is positioning itself to ensure its primacy on semiconductor manufacturing. China, too, is trying to close the technological gap as it is constrained by export control rules to avoid technological transfers. Europe cannot and will not lag behind.”

In additional documentation released today, the EU said the Chips Act will build on other digital initiatives already presented by the Von der Leyen Commission — such as moves to contain the power of “gatekeeper” Internet giants and increase platforms’ accountability (the Digital Markets Act and Digital Services Act); regulate high risk applications of AI (the Artificial Intelligence Act); tackle online disinformation (via a beefed up code of practice); and boost investment in regional digital infrastructure and skills.

#consumer-electronics, #digital-markets-act, #digital-services-act, #europe, #european-chips-act, #european-commission, #european-union, #fraunhofer, #hardware, #semiconductor, #semiconductors, #supply-chain, #thierry-breton, #ursula-von-der-leyen

Don’t Let the Fossil Fuel Industry Pivot to Toxic Plastics and Chemicals

As we confront climate change, focusing on a single metric, like greenhouse gas emissions, could leave other harmful practices unaddressed.

#africa, #chemicals, #environmental-protection-agency, #european-commission, #european-union, #far-east-south-and-southeast-asia-and-pacific-areas, #flame-retardants, #global-warming, #greenhouse-gas-emissions, #hazardous-and-toxic-substances, #international-energy-agency, #mckinseyco, #national-academies-of-the-united-states, #natural-gas, #ohio, #oil-petroleum-and-gasoline, #pennsylvania, #plastics, #recycling-of-waste-materials, #united-states, #waste-materials-and-disposal

Stop using Zoom, Hamburg’s DPA warns state government

Hamburg’s state government has been formally warned against using Zoom over data protection concerns.

The German state’s data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR) since user data is transferred to the US for processing.

The DPA’s concern follows a landmark ruling (Schrems II) by Europe’s top court last summer which invalidated a flagship data transfer arrangement between the EU and the US (Privacy Shield), finding US surveillance law to be incompatible with EU privacy rights.

The fallout from Schrems II has been slow to manifest — beyond an instant blanket of legal uncertainty. However a number of European DPAs are now investigating the use of US-based digital services because of the data transfer issue, and in some instances publicly warning against the use of mainstream US tools like Facebook and Zoom because user data cannot be adequately safeguarded when it’s taken over the pond.

German agencies are among the most proactive in this respect. But the EU’s data protection supervisor is also investigating the bloc’s use of cloud services from US giants Amazon and Microsoft over the same data transfer concern.

At the same time, negotiations between the European Commission and the Biden administration to seek a replacement data transfer deal remain ongoing. However EU lawmakers have repeatedly warned against any quick fix — saying reform of US surveillance law is likely required before there can be a revived Privacy Shield. And as the legal limbo continues a growing number of public bodies in Europe are facing pressure to ditch US-based services in favor of compliant local alternatives.

In the Hamburg case, the DPA says it took the step of issuing the Senate Chancellory with a public warning after the body did not provide an adequate response to concerns raised earlier.

The agency asserts that use of Zoom by the public body does not comply with the GDPR’s requirement for a valid legal basis for processing personal data, writing: “The documents submitted by the Senate Chancellery on the use of Zoom show that [GDPR] standards are not being adhered to.”

The DPA initiated a formal procedure earlier, via a hearing, on June 17, 2021 but says the Senate Chancellory failed to stop using the videoconferencing tool. Nor did it provide any additional documents or arguments to demonstrate compliance usage. Hence the DPA taking the step of a formal warning, under Article 58 (2) (a) of the GDPR.

In a statement, Ulrich Kühn, the acting Hamburg commissioner for data protection and freedom of information, dubbed it “incomprehensible” that the regional body was continuing to flout EU law in order to use Zoom — pointing out that a local alternative, provided by the German company Dataport (which supplies software to a number of state, regional and local government bodies) is readily available.

In the statement [translated with Google Translate], Kühn said: “Public bodies are particularly bound to comply with the law. It is therefore more than regrettable that such a formal step had to be taken. At the [Senate Chancellery of the Free and Hanseatic City of Hamburg], all employees have access to a tried and tested video conference tool that is unproblematic with regard to third-country transmission. As the central service provider, Dataport also provides additional video conference systems in its own data centers. These are used successfully in other regions such as Schleswig-Holstein. It is therefore incomprehensible why the Senate Chancellery insists on an additional and legally highly problematic system.”

We’ve reached out to the Hamburg DPA and Senate Chancellory with questions.

Zoom has also been contacted for comment.

#data-protection, #data-security, #dataport, #digital-rights, #eu-us-privacy-shield, #europe, #european-commission, #european-union, #general-data-protection-regulation, #government, #hamburg, #personal-data, #privacy, #schrems-ii, #surveillance-law, #united-states, #video-conferencing, #zoom

EU hits Amazon with record-breaking $887M GDPR fine over data misuse

Luxembourg’s National Commission for Data Protection (CNPD) has hit Amazon with a record-breaking €746 million ($887m) GDPR fine over the way it uses customer data for targeted advertising purposes.

Amazon disclosed the ruling in an SEC filing on Friday in which it slammed the decision as baseless and added that it intended to defend itself “vigorously in this matter.”

“Maintaining the security of our customers’ information and their trust are top priorities,” an Amazon spokesperson said in a statement. “There has been no data breach, and no customer data has been exposed to any third party. These facts are undisputed.

“We strongly disagree with the CNPD’s ruling, and we intend to appeal. The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”

The penalty is the result of a 2018 complaint by French privacy rights group La Quadrature du Net, a group that claims to represent the interests of thousands of Europeans to ensure their data isn’t used by big tech companies to manipulate their behavior for political or commercial purposes. The complaint, which also targets Apple, Facebook Google and LinkedIn and was filed on behalf of more than 10,000 customers, alleges that Amazon manipulates customers for commercial means by choosing what advertising and information they receive.

La Quadrature du Net welcomed the fine issued by the CNPD, which “comes after three years of silence that made us fear the worst.”

“The model of economic domination based on the exploitation of our privacy and free will is profoundly illegitimate and contrary to all the values that our democratic societies claim to defend,” the group added in a blog post published on Friday.

The CNPD has also ruled that Amazon must commit to changing its business practices. However, the regulator has not publicly committed on its decision, and Amazon didn’t specify what revised business practices it is proposing.

The record penalty, which trumps the €50 million GDPR penalty levied against Google in 2019, comes amid heightened scrutiny of Amazon’s business in Europe. In November last year, the European Commission announced formal antitrust charges against the company, saying the retailer has misused its position to compete against third-party businesses using its platform. At the same time, the Commission a second investigation into its alleged preferential treatment of its own products on its site and those of its partners.

#amazon, #apple, #big-tech, #companies, #computing, #data-protection, #data-security, #europe, #european-commission, #facebook, #general-data-protection-regulation, #google, #policy, #privacy, #spokesperson, #tc, #u-s-securities-and-exchange-commission

European Investment Fund puts $30M in Fabric Ventures’ new $120M digital assets fund

Despite their rich engineering talent, Blockchain entrepreneurs in the EU often struggle to find backing due to the dearth of large funds and investment expertise in the space. But a big move takes place at an EU level today, as the European Investment Fund makes a significant investment into a blockchain and digital assets venture fund.

Fabric Ventures, a Luxembourg-based VC billed as backing the “Open Economy” has closed $120 million for its 2021 fund, $30 million of which is coming from the European Investment Fund (EIF). Other backers of the new fund include 33 founders, partners, and executives from Ethereum, (Transfer)Wise, PayPal, Square, Google, PayU, Ledger, Raisin, Ebury, PPRO, NEAR, Felix Capital, LocalGlobe, Earlybird, Accelerator Ventures, Aztec Protocol, Raisin, Aragon, Orchid, MySQL, Verifone, OpenOcean, Claret Capital, and more. 

This makes it the first EIF-backed fund mandated to invest in digital assets and blockchain technology.

EIF Chief Executive Alain Godard said:  “We are very pleased to be partnering with Fabric Ventures to bring to the European market this fund specializing in Blockchain technologies… This partnership seeks to address the need [in Europe] and unlock financing opportunities for entrepreneurs active in the field of blockchain technologies – a field of particular strategic importance for the EU and our competitiveness on the global stage.”

The subtext here is that the EIF wants some exposure to these new, decentralized platforms, potentially as a bulwark against the centralized platforms coming out of the US and China.

And yes, while the price of Bitcoin has yo-yo’d, there is now $100 billion invested in the decentralized finance sector and $1.5 billion market in the NFT market. This technology is going nowhere.

Fabric hasn’t just come from nowhere, either. Various Fabric Ventures team members have been involved in Orchestream, the Honeycomb Project at Sun Microsystems, Tideway, RPX, Automic, Yoyo Wallet, and Orchid.

Richard Muirhead is Managing Partner, and is joined by partners Max Mersch and Anil Hansjee. Hansjee becomes General Partner after leaving PayPal’s Venture Fund, which he led for EMEA. The team has experience in token design, market infrastructure, and community governance.

The same team started the Firestartr fund in 2012, backing Tray.io, Verse, Railsbank, Wagestream, Bitstamp, and others.

Muirhead said: “It is now well acknowledged that there is a need for a web that is user-owned and, consequently, more human-centric. There are astonishing people crafting this digital fabric for the benefit of all. We are excited to support those people with our latest fund.”

On a call with TechCrunch Muirhead added: “The thing to note here is that there’s a recognition at European Commission level, that this area is one of geopolitical significance for the EU bloc. On the one hand, you have the ‘wild west’ approach of North America, and, arguably, on the other is the surveillance state of the Chinese Communist Party.”

He said: “The European Commission, I think, believes that there is a third way for the individual, and to use this new wave of technology for the individual. Also for businesses. So we can have networks and marketplaces of individuals sharing their data for their own benefit, and businesses in supply chains sharing data for their own mutual benefits. So that’s the driving view.”

#accelerator-ventures, #articles, #blockchains, #china, #chinese-communist-party, #computing, #cryptocurrencies, #decentralization, #earlybird, #ethereum, #europe, #european-commission, #european-investment-fund, #european-union, #fabric-ventures, #felix-capital, #google, #managing-partner, #mysql, #north-america, #paypal, #railsbank, #rpx, #sun-microsystems, #tc, #technology, #united-states, #verifone, #yoyo-wallet

Putting a Price on Pollution

The European Union has an ambitious plan to phase out the bloc’s reliance on fossil fuels. Will it work?

#climate-change-album, #europe, #european-commission, #global-warming

Help! I’m Traveling to Europe. All The Required Documentation Is Dizzying

For three confused but vaccinated travelers, our columnist tries to make sense of the new rules of entry into the European Union.

#airlines-and-airplanes, #airports, #content-type-service, #delta-air-lines-inc, #european-commission, #european-medicines-agency, #european-union, #travel-and-vacations, #vaccination-and-immunization, #vaccination-proof-and-immunization-records

Europe Rolls Out Ambitious Climate Change Plan, but Obstacles Loom

The proposal would impose tariffs on some imports from countries with looser environmental rules. It would also mean the end of sales in the European Union of new gas- and diesel-powered cars in just 14 years.

#alternative-and-renewable-energy, #carbon-caps-and-emissions-trading-programs, #carbon-dioxide, #customs-tariff, #economic-conditions-and-trends, #energy-efficiency, #europe, #european-commission, #european-union, #fuel-efficiency, #fuel-emissions-transportation, #global-warming, #greenhouse-gas-emissions, #international-trade-and-world-market, #oil-petroleum-and-gasoline, #politics-and-government

Controversial WhatsApp policy change hit with consumer law complaint in Europe

Facebook has been accused of multiple breaches of European Union consumer protection law as a result of its attempts to force WhatsApp users to accept controversial changes to the messaging platforms’ terms of use — such as threatening users that the app would stop working if they did not accept the updated policies by May 15.

The consumer protection association umbrella group, the Beuc, said today that together with eight of its member organizations it’s filed a complaint with the European Commission and with the European network of consumer authorities.

“The complaint is first due to the persistent, recurrent and intrusive notifications pushing users to accept WhatsApp’s policy updates,” it wrote in a press release.

“The content of these notifications, their nature, timing and recurrence put an undue pressure on users and impair their freedom of choice. As such, they are a breach of the EU Directive on Unfair Commercial Practices.”

After earlier telling users that notifications about the need to accept the new policy would become persistent, interfering with their ability to use the service, WhatsApp later rowed back from its own draconian deadline.

However the app continues to bug users to accept the update — with no option not to do so (users can close the policy prompt but are unable to decline the new terms or stop the app continuing to pop-up a screen asking them to accept the update).

“In addition, the complaint highlights the opacity of the new terms and the fact that WhatsApp has failed to explain in plain and intelligible language the nature of the changes,” the Beuc went on. “It is basically impossible for consumers to get a clear understanding of what consequences WhatsApp’s changes entail for their privacy, particularly in relation to the transfer of their personal data to Facebook and other third parties. This ambiguity amounts to a breach of EU consumer law which obliges companies to use clear and transparent contract terms and commercial communications.”

The organization pointed out that WhatsApp’s policy updates remain under scrutiny by privacy regulations in Europe — which it argues is another factor that makes Facebook’s aggressive attempts to push the policy on users highly inappropriate.

And while this consumer-law focused complaint is separate to the privacy issues the Beuc also flags — which are being investigated by EU data protection authorities (DPAs) — it has called on those regulators to speed up their investigations, adding: “We urge the European network of consumer authorities and the network of data protection authorities to work in close cooperation on these issues.”

The Beuc has produced a report setting out its concerns about the WhatsApp ToS change in more detail — where it hits out at the “opacity” of the new policies, further asserting:

“WhatsApp remains very vague about the sections it has removed and the ones it has added. It is up to users to seek out this information by themselves. Ultimately, it is almost impossible for users to clearly understand what is new and what has been amended. The opacity of the new policies is in breach of Article 5 of the UCTD [Unfair Contract Terms Directive] and is also a misleading and unfair practice prohibited under Article 5 and 6 of the UCPD [Unfair Commercial Practices Directive].”

Reached for comment on the consumer complaint, a WhatsApp spokesperson told us:

“Beuc’s action is based on a misunderstanding of the purpose and effect of the update to our terms of service. Our recent update explains the options people have to message a business on WhatsApp and provides further transparency about how we collect and use data. The update does not expand our ability to share data with Facebook, and does not impact the privacy of your messages with friends or family, wherever they are in the world. We would welcome an opportunity to explain the update to Beuc and to clarify what it means for people.”

The Commission was also contacted for comment on the Beuc’s complaint — we’ll update this report if we get a response.

The complaint is just the latest pushback in Europe over the controversial terms change by Facebook-owned WhatsApp — which triggered a privacy warning from Italy back in January, followed by an urgency procedure in Germany in May when Hamburg’s DPA banned the company from processing additional WhatsApp user data.

Although, earlier this year, Facebook’s lead data regulator in the EU, Ireland’s Data Protection Commission, appeared to accept Facebook’s reassurances that the ToS changes do not affect users in the region.

German DPAs were less happy, though. And Hamburg invoked emergency powers allowed for in the General Data Protection Regulation (GDPR) in a bid to circumvent a mechanism in the regulation that (otherwise) funnels cross-border complaints and concerns via a lead regulator — typically where a data controller has their regional base (in Facebook/WhatsApp’s case that’s Ireland).

Such emergency procedures are time-limited to three months. But the European Data Protection Board (EDPB) confirmed today that its plenary meeting will discuss the Hamburg DPA’s request for it to make an urgent binding decision — which could see the Hamburg DPA’s intervention set on a more lasting footing, depending upon what the EDPB decides.

In the meanwhile, calls for Europe’s regulators to work together to better tackle the challenges posed by platform power are growing, with a number of regional competition authorities and privacy regulators actively taking steps to dial up their joint working — in a bid to ensure that expertise across distinct areas of law doesn’t stay siloed and, thereby, risk disjointed enforcement, with conflicting and contradictory outcomes for Internet users.

There seems to be a growing understanding on both sides of the Atlantic for a joined up approach to regulating platform power and ensuring powerful platforms don’t simply get let off the hook.

 

#beuc, #europe, #european-commission, #european-data-protection-board, #european-union, #facebook, #gdpr, #general-data-protection-regulation, #germany, #hamburg, #ireland, #policy, #privacy, #social, #social-media, #whatsapp

UK gets data flows deal from EU — for now

The UK’s digital businesses can breathe a sign of relief today as the European Commission has officially signed off on data adequacy for the (now) third country, post-Brexit.

It’s a big deal for UK businesses as it means the country will be treated by Brussels as having essentially equivalent data protection rules as markets within the bloc, despite no longer being a member itself — enabling personal data to continue to flow freely from the EU to the UK, and avoiding any new legal barriers.

The granting of adequacy status has been all but assured in recent weeks, after European Union Member States signed off on a draft adequacy arrangement. But the Commission’s adoption of the decision marks the final step in the process — at least for now.

It’s notable that the Commission’s PR includes a clear warning that if the UK seeks to weaken protections afforded to people’s data under the current regime it “will intervene”.

In a statement, Věra Jourová, Commission VP for values and transparency, said:

The UK has left the EU but today its legal regime of protecting personal data is as it was. Because of this, we are adopting these adequacy decisions today. At the same time, we have listened very carefully to the concerns expressed by the Parliament, the Members States and the European Data Protection Board, in particular on the possibility of future divergence from our standards in the UK’s privacy framework. We are talking here about a fundamental right of EU citizens that we have a duty to protect. This is why we have significant safeguards and if anything changes on the UK side, we will intervene.”

The UK adequacy decision comes with a Sword of Damocles baked in: A sunset clause of four years. It’s a first — so, er, congratulations to the UK government for projecting a perception of itself as untrustworthy over the short run.

This clause means the UK’s regime will face full scrutiny again in 2025, with no automatic continuation if its standards are deemed to have slipped (as many fear they will).

The Commission also emphasizes that its decision does not mean the UK has four ‘guaranteed’ years in the clear. On the contrary, it says it will “continue to monitor the legal situation in the UK and could intervene at any point, if the UK deviates from the level of protection currently in place”.

Third countries without an adequacy agreement — such as the US, which has adequacy twice struck down by Europe’s top court (after it found US surveillance law incompatible with EU fundamental rights) — do not enjoy ‘seamless’ legal certainty around personal data flows; and must instead take steps to assess each of these transfers individually to determine whether (and how) they can move data legally.

Last week, the European Data Protection Board (EDPB) put out its final bit of guidance for third countries wanting to transfer personal data outside the bloc. And the advice makes it clear that some types of transfers are unlikely to be possible.

For other types of transfers, the advice discusses a number of of supplementary measures (including technical steps like robust encryption) that may be possible for a data controller to use in order to, through their own technical, contractual and organizational effort, ramp up the level of protection to achieve the required standard.

It is, in short, a lot of work. And without today’s adequacy decision UK businesses would have had to get intimately acquainted with the EDPB’s guidance. For now, though, they’ve dodged that bullet.

The qualifier is still very necessary, though, because the UK government has signalled that it intends to rethink data protection.

How exactly it goes about that — and to what extent it changes the current ‘essentially equivalent’ regime — may make all the difference. For example, Digital minister Oliver Dowden has talked about data being “a great opportunity” for the UK, post-Brexit.

And writing in the FT back in February he suggested there will be room for the UK to rewrite its national data protection rules without diverging so much that it puts adequacy at risk. “We fully intend to maintain those world-class standards. But to do so, we do not need to copy and paste the EU’s rule book, the General Data Protection Regulation, word-for-word,” he suggested then, adding that: “Countries as diverse as Israel and Uruguay have successfully secured adequacy with Brussels despite having their own data regimes. Not all of those were identical to GDPR, but equal doesn’t have to mean the same. The EU doesn’t hold the monopoly on data protection.”

The devil will, as they say, be in the detail. But some early signals are concerning — and the UK’s startup ecosystem would be well advised to take an active role in impressing upon government the importance to stay aligned with European data standards.

Moreover, there’s also the prospect of a legal challenge to the adequacy decision — even as is, i.e. based on current UK standards (which find plenty of critics). Certainly it can’t be ruled out — and the CJEU hasn’t shied away from quashing other adequacy arrangements it judged to be invalid…

Today, though, the Department for Digital, Media, Culture and Sport (DCMS) has seized the chance to celebrate a PR win, writing that the Commission’s decision “rightly recognises the country’s high data protection standards”.

The department also reiterated the UK government’s intention to “promote the free flow of personal data globally and across borders”, including through what it bills as “ambitious new trade deals and through new data adequacy agreements with some of the fastest growing economies” — simultaneously claiming it would do so “while ensuring people’s data continues to be protected to a high standard”. Pinky promise.

“All future decisions will be based on what maximises innovation and keeps up with evolving tech,” the DCMS added in a press release. “As such, the government’s approach will seek to minimise burdens on organisations seeking to use data to tackle some of the most pressing global issues, including climate change and the prevention of disease.”

In a statement, Dowden also made a point of combining both streams, saying: “We will now focus on unlocking the power of data to drive innovation and boost the economy while making sure we protect people’s safety and privacy.”

UK business and tech associations were just as quick to welcome the Commission’s adequacy decision. The alternative would of course have been very costly disruption.

In a statement, John Foster, director of policy for the Confederation of British Industry, said: “This breakthrough in the EU-UK adequacy decision will be welcomed by businesses across the country. The free flow of data is the bedrock of the modern economy and essential for firms across all sectors– from automotive to logistics — playing an important role in everyday trade of goods and services. This positive step will help us move forward as we develop a new trading relationship with the EU.”

In another supporting statement, Julian David, CEO of techUK, added: “Securing an EU-UK adequacy decision has been a top priority for techUK and the wider tech industry since the day after the 2016 referendum. The decision that the UK’s data protection regime offers an equivalent level of protection to the EU GDPR is a vote of confidence in the UK’s high data protection standards and is of vital importance to UK-EU trade as the free flow of data is essential to all business sectors.

“The data adequacy decision also provides a basis for the UK and EU to work together on global routes for the free flow of data with trust, building on the G7 Digital and Technology declaration and possibly unlocking €2TR of growth. The UK must also now move to complete the development of its own international data transfer regime in order to allow companies in the UK not just to exchange data with the EU but also to be able to access opportunities across the world.”

The Commission has actually adopted two UK adequacy decisions today — one under the General Data Protection Regulation (GDPR) and another for the Law Enforcement Directive.

Discussing key elements in its decision to grant the UK adequacy, EU lawmakers highlighted the fact the UK’s (current) system is based upon transposed European rules; that access to personal data by public authorities in the UK (such as for national security reasons) is done under a framework that has what it dubbed as “strong safeguards” (such as intercepts being subject to prior authorisation by an independent judicial body; measures needing to be necessary and proportionate; and redress mechanisms for those who believe they are subject to unlawful surveillance).

The Commission also noted that the UK is subject to the jurisdiction of the European Court of Human Rights; must adhere to the European Convention of Human Rights; and the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data — aka “the only binding international treaty in the area of data protection”.

“These international commitments are an essential elements of the legal framework assessed in the two adequacy decisions,” the Commission notes. 

Data transfers for the purposes of UK immigration control have been excluded from the scope of the adequacy decision adopted under the GDPR — with the Commission saying that’s “in order to reflect a recent judgment of the England and Wales Court of Appeal on the validity and interpretation of certain restrictions of data protection rights in this area”.

“The Commission will reassess the need for this exclusion once the situation has been remedied under UK law,” it added.

So, again, there’s another caveat right there.

#brexit, #data-controller, #data-protection, #data-security, #encryption, #europe, #european-commission, #european-court-of-human-rights, #european-data-protection-board, #european-union, #general-data-protection-regulation, #oliver-dowden, #personal-data, #policy, #privacy, #surveillance-law, #uk-government, #united-kingdom, #united-states

Dear EU: It’s time to get a grip

The EU for all its lethargy, faults and fetishization of bureaucracy, is, ultimately, a good idea. It might be 64 years from the formation of the European Common Market, but it is 29 years since the EU’s formation in the Maastricht Treaty, and this international entity is definitely still acting like an indecisive millennial, happy to flit around tech startup policy. It’s long due time for this digital nomad to commit to one ‘location’ on how it treats startups.

If there’s one thing we can all agree on, this is a unique moment in time. The COVID-19 pandemic has accelerated the acceptance of technology globally, especially in Europe. Thankfully, tech companies and startups have proven to be more resilient than much of the established economy. As a result, the EU’s political leaders have started to look towards the innovation economy for a more sustainable future in Europe.

But this moment has not come soon enough.

The European tech scene is still lagging behind its US and Asia counterparts in numbers of startups created, talent in the tech sector, financing rounds, and IPOs / exits. It doesn’t help, of course, that the European market is so fractionalized, and will be for a long time to come.

But there is absolutely no excuse when it comes to the EU’s obligations to reform startup legislation, taxation, and the development of talent, to “level the playing field” against the US and Asian tech giants.

But, to put it bluntly: The EU can’t seem to get its shit together around startups.

Consider this litany of proposals.

Starting as far back a 2016 we had the Start-Up and Scale-Up Initiative. We even had the Scale-Up Manifesto in the same year. Then there was the Cluj Recommendations (2019), and the Not Optional campaign for options reform in 2020.

Let’s face it, the community of VC´s, founders, and startup associations in Europe has been saying mostly the same things for years, to national and European leaders.

Finally, this year, we got something approaching a summation of all these efforts.

Portugal, which has the European presidency for the first half of this year, took the bull by its horns and created something approaching a final draft of what the EU needs.

After, again, intense consultations with European ecosystem stakeholders, it identified eight best practices in order to level the playing field covering the gamut of issues such as fast startup creation, talent, stock options, innovation in regulation and access to finance. You name it, it covered it.

These were then put into the Startup Nations Standard and presented to the European Council at Digital Day on March 19th, together with the European Commission’s DG CNECT and its Commissioner Tierry Breton. I wrote about this at the time.

Would the EU finally get a grip, and sign up for these evidently workable proposals?

It seemed, at least, that we might be getting somewhere. Some 25 member states signed the declaration that day, and perhaps for the first time, the political consensus seemed to be forming around this policy.

Indeed, a body set up to shepherd the initiative (the European Startup Nations Alliance) was even announced by Portuguese Prime Minister António Costa which, he said, would be tasked with monitoring, developing and optimizing the standards, collecting data from the member states on their success and failure, and reporting on its findings in a bi-annual conference aligned with the changing presidency of the European Council.

It would seem we could pop open a chilled bottle of DOC Bairrada Espumante and celebrate that Europe might finally start implementing at least the basics from these suggested policies.

But no. With the pandemic still raging, it seemed the EU’s leaders still had plenty of time on their hands to ponder these subjects.

Thus it was that the Scaleup Europe initiative emerged from the mind of Emmanuel Macron, assembling a select group of 150-plus of Europe’s leading tech founders, investors, researchers, corporate CEOs and government officials to do some more pondering about startups. And then there was the Global Powerhouse Initiative of DG Research & Innovations Commissioner, Mariya Gabriel.

Yes, ladies and gentlemen, we were about to go through this process all over again, with the EU acting as if it had the memory span of a giant goldfish.

Now, I’m not arguing that all these collective actions are a bad thing. But, by golly, European startups need more decisive action than this.

As things stand, instead of implementing the very reasonable Portuguese proposals, we will now have to wait for the EU’s wheels to slowly turn until the French presidency comes around next year.

That said, with any luck, a body to oversee the implementation of tech startup policy that is mandated by the European community, composed of organizations like La French Tech, Startup Portugal and Startup Estonia, might finally seem within reach.

But to anyone from the outside, it feels again as if the gnashing of EU policy teeth will have to go on yet longer. With the French calling for a ‘La French Tech for Europe’ and the Portuguese having already launched ESNA, the efforts seem far from coordinated.

In the final analysis, tech startup founders and investors could not care less where this new body comes from or which country launches it.

After years of contributions, years of consultations, the time for action is now.

It’s time for EU member states to agree, and move forward, helping other member states catch up based on established best practices.

It’s time for the long-awaited European Tech Giants to blossom, take on the US-born Big Tech Giants, and for Europe to finally punch its weight.

#articles, #asia, #emmanuel-macron, #entrepreneurship, #europe, #european-commission, #european-union, #french-tech, #mariya-gabriel, #opinion, #portugal, #private-equity, #startup-company, #tc, #united-states

LinkedIn formally joins EU Code on hate speech takedowns

Microsoft-owned LinkedIn has committed to doing more to quickly purge illegal hate speech from its platform in the European Union by formally signing up to a self-regulatory initiative that seeks to tackle the issue through a voluntary Code of Conduct.

In statement today, the European Commission announced that the professional social network has joined the EU’s Code of Conduct on Countering Illegal Hate Speech Online, with justice commissioner, Didier Reynders, welcoming LinkedIn’s (albeit tardy) participation, and adding in a statement that the code “is and will remain an important tool in the fight against hate speech, including within the framework established by digital services legislation”.

“I invite more businesses to join, so that the online world is free from hate,” Reynders added.

While LinkedIn’s name wasn’t formally associated with the voluntary Code before now it said it has “supported” the effort via parent company Microsoft, which was already signed up.

In a statement on its decision to formally join now, it also said:

“LinkedIn is a place for professional conversations where people come to connect, learn and find new opportunities. Given the current economic climate and the increased reliance jobseekers and professionals everywhere are placing on LinkedIn, our responsibility is to help create safe experiences for our members. We couldn’t be clearer that hate speech is not tolerated on our platform. LinkedIn is a strong part of our members’ professional identities for the entirety of their career — it can be seen by their employer, colleagues and potential business partners.”

In the EU ‘illegal hate speech’ can mean content that espouses racist or xenophobic views, or which seeks to incite violence or hatred against groups of people because of their race, skin color, religion or ethnic origin etc.

A number of Member States have national laws on the issue — and some have passed their own legislation specifically targeted at the digital sphere. So the EU Code is supplementary to any actual hate speech legislation. It is also non-legally binding.

The initiative kicked off back in 2016 — when a handful of tech giants (Facebook, Twitter, YouTube and Microsoft) agreed to accelerate takedowns of illegal speech (or well, attach their brand names to the PR opportunity associated with saying they would).

Since the Code became operational, a handful of other tech platforms have joined — with video sharing platform TikTok signing up last October, for example.

But plenty of digital services (notably messaging platforms) still aren’t participating. Hence the Commission’s call for more digital services companies to get on board.

At the same time, the EU is in the process of firming up hard rules in the area of illegal content.

Last year the Commission proposed broad updates (aka the Digital Services Act) to existing ecommerce rules to set operational ground rules that they said are intended to bring online laws in line with offline legal requirements — in areas such as illegal content, and indeed illegal goods. So, in the coming years, the bloc will get a legal framework that tackles — at least at a high level — the hate speech issue, not merely a voluntary Code. 

The EU also recently adopted legislation on terrorist content takedowns (this April) — which is set to start applying to online platforms from next year.

But it’s interesting to note that, on the perhaps more controversial issue of hate speech (which can deeply intersect with freedom of expression), the Commission wants to maintain a self-regulatory channel alongside incoming legislation — as Reynders’ remarks underline.

Brussels evidently sees value in having a mixture of ‘carrots and sticks’ where hot button digital regulation issues are concerned. Especially in the controversial ‘danger zone’ of speech regulation.

So, while the DSA is set to bake in standardized ‘notice and response’ procedures to help digital players swiftly respond to illegal content, by keeping the hate speech Code around it means there’s a parallel conduit where key platforms could be encouraged by the Commission to commit to going further than the letter of the law (and thereby enable lawmakers to sidestep any controversy if they were to try to push more expansive speech moderation measures into legislation).

The EU has — for several years — had a voluntary a Code of Practice on Online Disinformation too. (And a spokeswoman for LinkedIn confirmed it has been signed up to that since its inception, also through its parent company Microsoft.)

And while lawmakers recently announced a plan to beef that Code up — to make it “more binding”, as they oxymoronically put it — it certainly isn’t planning to legislate on that (even fuzzier) speech issue.

In further public remarks today on the hate speech Code, the Commission said that a fifth monitoring exercise in June 2020 showed that on average companies reviewed 90% of reported content within 24 hours and removed 71% of content that was considered to be illegal hate speech.

It added that it welcomed the results — but also called for signatories to redouble their efforts, especially around providing feedback to users and in how they approach transparency around reporting and removals.

The Commission has also repeatedly calls for platforms signed up to the disinformation Code to do more to tackle the tsunami of ‘fake news’ being fenced on their platforms, including — on the public health front — what they last year dubbed a coronavirus infodemic.

The COVID-19 crisis has undoubtedly contributed to concentrating lawmakers’ minds on the complex issue of how to effectively regulate the digital sphere and likely accelerated a number of EU efforts.

 

#brussels, #code-of-conduct-on-countering-illegal-hate-speech, #covid-19, #digital-services-act, #europe, #european-commission, #european-union, #facebook, #freedom-of-speech, #hate-speech, #homophobia, #linkedin, #microsoft, #online-disinformation, #online-platforms, #policy, #racism, #social, #social-network

Europe’s Divisions on Vivid Display Over Hungary and Russia

In a summit of European Union leaders, there were fierce, emotional arguments about Hungary’s new law on sex education and about how and when to meet Russia’s president.

#belarus, #bettel-xavier-1973, #european-commission, #european-union, #hungary, #macron-emmanuel-1977, #merkel-angela, #orban-viktor, #putin-vladimir-v, #russia

A Culture War Between Hungary and Europe Escalates Over L.G.B.T. Bill

E.U. leaders say that they will do all they can to thwart a proposed new law in Hungary that would, they say, equate homosexuality with pedophilia.

#discrimination, #europe, #european-commission, #european-union, #homosexuality-and-bisexuality, #hungary, #law-and-legislation, #politics-and-government

EU antitrust regulators launch probe into Google’s FLoC plan

Close-up shot of the Chrome web browser's logo on an Android screen.

Enlarge (credit: Getty Images | NurPhoto )

The European Commission today said it has begun investigating Google for “possible anticompetitive conduct” in the market for online advertising technology.

The EC announcement said the formal antitrust investigation will “assess whether Google has violated EU competition rules by favoring its own online display advertising technology services in the so-called ‘ad tech’ supply chain, to the detriment of competing providers of advertising technology services, advertisers and online publishers.” The EC said it will “examine whether Google is distorting competition by restricting access by third parties to user data for advertising purposes on websites and apps, while reserving such data for its own use.”

Chrome and Android figure into the investigation. The EC said it will investigate “Google’s announced plans to prohibit the placement of third-party ‘cookies’ on Chrome and replace them with the ‘Privacy Sandbox’ set of tools, including the effects on online display advertising and online display advertising intermediation markets.” Google’s Privacy Sandbox is also called FLoC, for Federated Learning of Cohorts.

Read 12 remaining paragraphs | Comments

#android, #antitrust, #chrome, #european-commission, #google, #policy

Google Facing Fresh E.U. Inquiry Over Ad Technology

The bloc’s investigation, which takes aim at the heart of Google’s business model, is part of a push to regulate the world’s largest technology companies.

#advertising-and-marketing, #antitrust-laws-and-competition-issues, #computers-and-the-internet, #europe, #european-commission, #european-union, #google-inc, #online-advertising

EU is now investigating Google’s adtech over antitrust concerns

EU antitrust authorities are finally taking a broad and deep look into Google’s adtech stack and role in the online ad market — confirming today that they’ve opened a formal investigation.

Google has already been subject to three major EU antitrust enforcements over the past five years — against Google Shopping (2017), Android (2018) and AdSense (2019). But the European Commission has, until now, avoided officially wading into the broader issue of its role in the adtech supply chain. (The AdSense investigation focused on Google’s search ad brokering business, though Google claims the latest probe represents that next stage of that 2019 enquiry, rather than stemming from a new complaint).

The Commission said that the new Google antitrust investigation will assess whether it has violated EU competition rules by “favouring its own online display advertising technology services in the so called ‘ad tech’ supply chain, to the detriment of competing providers of advertising technology services, advertisers and online publishers”.

Display advertising spending in the EU in 2019 was estimated to be approximately €20BN, per the Commission.

“The formal investigation will notably examine whether Google is distorting competition by restricting access by third parties to user data for advertising purposes on websites and apps, while reserving such data for its own use,” it added in a press release.

Earlier this month, France’s competition watchdog fined Google $268M in a case related to self-preferencing within the adtech market — which the watchdog found constituted an abuse by Google of a dominant position for ad servers for website publishers and mobile apps.

In that instance Google sought a settlement — proposing a number of binding interoperability agreements which the watchdog accepted. So it remains to be seen whether the tech giant may seek to push for a similar outcome at the EU level.

There is one cautionary signal in that respect in the Commission’s press release which makes a point of flagging up EU data protection rules — and highlighting the need to take into account the protection of “user privacy”.

That’s an interesting side-note for the EU’s antitrust division to include, given some of the criticism that France’s Google adtech settlement has attracted — for risking cementing abusive user exploitation (in the form of adtech privacy violations) into the sought for online advertising market rebalancing.

Or as Cory Doctorow neatly explains it in this Twitter thread: “The last thing we want is competition in practices that harm the public.”

Aka, unless competition authorities wise up to the data abuses being perpetuated by dominant tech platforms — such as through enlightened competition authorities engaging in close joint-working with privacy regulators (in the EU this is, at least, possible since there’s regulation in both areas) — there’s a very real risk that antitrust enforcement against Big (ad)Tech could simply supercharge the user-hostile privacy abuses that surveillance giants have only been able to get away with because of their market muscle.

So, tl;dr, ill-thought through antitrust enforcement actually risks further eroding web users’ rights… and that would indeed be a terrible outcome. (Unless you’re Google; then it would represent successfully playing one regulator off against another at the expense of users.)

The need for competition and privacy regulators to work together to purge Big Tech market abuses has become an active debate in Europe — where a few pioneering regulators (like German’s FCO) are ahead of the pack.

The UK’s Competition and Markets Authority (CMA) and Information Commissioner’s Office (ICO) also recently put out a joint statement — laying out their conviction that antitrust and data protection regulators must work together to foster a thriving digital economy that’s healthy across all dimensions — i.e. for competitors, yes, but also for consumers.

A recent CMA proposed settlement related to Google’s planned replacement for tracking cookies — aka ‘Privacy Sandbox’, which has also been the target of antitrust complaints by publishers — was notable in baking in privacy commitments and data protection oversight by the ICO in addition to the CMA carrying out its competition enforcement role.

It’s fair to say that the European Commission has lagged behind such pioneers in appreciating the need for synergistic regulatory joint-working, with the EU’s antitrust chief roundly ignoring — for example — calls to block Google’s acquisition of Fitbit over the data advantage it would entrench, in favor of accepting a few ‘concessions’ to waive the deal through.

So it’s interesting to see the EU’s antitrust division here and now — at the very least — virtue signalling an awareness of the problem of regional regulators approaching competition and privacy as if they exist in firewalled silos.

Whether this augurs the kind of enlightened regulatory joint working — to achieve holistically healthy and dynamic digital markets — which will certainly be essential if the EU is to effectively grapple with surveillance capitalism very much remains to be seen. But we can at least say that the inclusion of the below statement in an EU antitrust division press release represents a change of tone (and that, in itself, looks like a step forward…):

“Competition law and data protection laws must work hand in hand to ensure that display advertising markets operate on a level playing field in which all market participants protect user privacy in the same manner.”

Returning to the specifics of the EU’s Google adtech probe, the Commission says it will be particularly examining:

  • The obligation to use Google’s services Display & Video 360 (‘DV360′) and/or Google Ads to purchase online display advertisements on YouTube.
  • The obligation to use Google Ad Manager to serve online display advertisements on YouTube, and potential restrictions placed by Google on the way in which services competing with Google Ad Manager are able to serve online display advertisements on YouTube.
  • The apparent favouring of Google’s ad exchange “AdX” by DV360 and/or Google Ads and the potential favouring of DV360 and/or Google Ads by AdX.
  • The restrictions placed by Google on the ability of third parties, such as advertisers, publishers or competing online display advertising intermediaries, to access data about user identity or user behaviour which is available to Google’s own advertising intermediation services, including the Doubleclick ID.
  • Google’s announced plans to prohibit the placement of third party ‘cookies’ on Chrome and replace them with the “Privacy Sandbox” set of tools, including the effects on online display advertising and online display advertising intermediation markets.
  • Google’s announced plans to stop making the advertising identifier available to third parties on Android smart mobile devices when a user opts out of personalised advertising, and the effects on online display advertising and online display advertising intermediation markets.

Commenting on the investigation in a statement, Commission EVP and competition chief, Margrethe Vestager, added:

“Online advertising services are at the heart of how Google and publishers monetise their online services. Google collects data to be used for targeted advertising purposes, it sells advertising space and also acts as an online advertising intermediary. So Google is present at almost all levels of the supply chain for online display advertising. We are concerned that Google has made it harder for rival online advertising services to compete in the so-called ad tech stack. A level playing field is of the essence for everyone in the supply chain. Fair competition is important — both for advertisers to reach consumers on publishers’ sites and for publishers to sell their space to advertisers, to generate revenues and funding for content. We will also be looking at Google’s policies on user tracking to make sure they are in line with fair competition.”

Contacted for comment on the Commission investigation, a Google spokesperson sent us this statement:

“Thousands of European businesses use our advertising products to reach new customers and fund their websites every single day. They choose them because they’re competitive and effective. We will continue to engage constructively with the European Commission to answer their questions and demonstrate the benefits of our products to European businesses and consumers.”

Google also claimed that publishers keep around 70% of the revenue when using its products — saying in some instances it can be more.

It also suggested that publishers and advertisers often use multiple technologies simultaneously, further claiming that it builds its own technologies to be interoperable with more than 700 rival platforms for advertisers and 80 rival platforms for publishers.

#adtech, #android, #antitrust, #competition-and-markets-authority, #cory-doctorow, #doubleclick, #europe, #european-commission, #european-union, #fitbit, #france, #google, #information-commissioners-office, #margrethe-vestager, #marketing, #mobile-devices, #online-advertising, #privacy-sandbox, #targeted-advertising, #tc, #united-kingdom

Perspectives on tackling Big Tech’s market power

The need for markets-focused competition watchdogs and consumer-centric privacy regulators to think outside their respective ‘legal silos’ and find creative ways to work together to tackle the challenge of big tech market power was the impetus for a couple of fascinating panel discussions organized by the Centre for Economic Policy Research (CEPR), which were livestreamed yesterday but are available to view on-demand here.

The conversations brought together key regulatory leaders from Europe and the US — giving a glimpse of what the future shape of digital markets oversight might look like at a time when fresh blood has just been injected to chair the FTC so regulatory change is very much in the air (at least around tech antitrust).

CEPR’s discussion premise is that integration, not merely intersection, of competition and privacy/data protection law is needed to get a proper handle on platform giants that have, in many cases, leveraged their market power to force consumers to accept an abusive ‘fee’ of ongoing surveillance.

That fee both strips consumers of their privacy and helps tech giants perpetuate market dominance by locking out interesting new competition (which can’t get the same access to people’s data so operates at a baked in disadvantage).

A running theme in Europe for a number of years now, since a 2018 flagship update to the bloc’s data protection framework (GDPR), has been the ongoing under-enforcement around the EU’s ‘on-paper’ privacy rights — which, in certain markets, means regional competition authorities are now actively grappling with exactly how and where the issue of ‘data abuse’ fits into their antitrust legal frameworks.

The regulators assembled for CEPR’s discussion included, from the UK, the Competition and Markets Authority’s CEO Andrea Coscelli and the information commissioner, Elizabeth Denham; from Germany, the FCO’s Andreas Mundt; from France, Henri Piffaut, VP of the French competition authority; and from the EU, the European Data Protection Supervisor himself, Wojciech Wiewiórowski, who advises the EU’s executive body on data protection legislation (and is the watchdog for EU institutions’ own data use).

The UK’s CMA now sits outside the EU, of course — giving the national authority a higher profile role in global mergers & acquisition decisions (vs pre-brexit), and the chance to help shape key standards in the digital sphere via the investigations and procedures it chooses to pursue (and it has been moving very quickly on that front).

The CMA has a number of major antitrust probes open into tech giants — including looking into complaints against Apple’s App Store and others targeting Google’s plan to depreciate support for third party tracking cookies (aka the so-called ‘Privacy Sandbox’) — the latter being an investigation where the CMA has actively engaged the UK’s privacy watchdog (the ICO) to work with it.

Only last week the competition watchdog said it was minded to accept a set of legally binding commitments that Google has offered which could see a quasi ‘co-design’ process taking place, between the CMA, the ICO and Google, over the shape of the key technology infrastructure that ultimately replaces tracking cookies. So a pretty major development.

Germany’s FCO has also been very active against big tech this year — making full use of an update to the national competition law which gives it the power to take proactive inventions around large digital platforms with major competitive significance — with open procedures now against Amazon, Facebook and Google.

The Bundeskartellamt was already a pioneer in pushing to loop EU data protection rules into competition enforcement in digital markets in a strategic case against Facebook, as we’ve reported before. That closely watched (and long running) case — which targets Facebook’s ‘superprofiling’ of users, based on its ability to combine user data from multiple sources to flesh out a single high dimension per-user profile — is now headed to Europe’s top court (so likely has more years to run).

But during yesterday’s discussion Mundt confirmed that the FCO’s experience litigating that case helped shape key amendments to the national law that’s given him beefier powers to tackle big tech. (And he suggested it’ll be a lot easier to regulate tech giants going forward, using these new national powers.)

“Once we have designated a company to be of ‘paramount significance’ we can prohibit certain conduct much more easily than we could in the past,” he said. “We can prohibit, for example, that a company impedes other undertaking by data processing that is relevant for competition. We can prohibit that a use of service depends on the agreement to data collection with no choice — this is the Facebook case, indeed… When this law was negotiated in parliament parliament very much referred to the Facebook case and in a certain sense this entwinement of competition law and data protection law is written in a theory of harm in the German competition law.

“This makes a lot of sense. If we talk about dominance and if we assess that this dominance has come into place because of data collection and data possession and data processing you need a parameter in how far a company is allowed to gather the data to process it.”

“The past is also the future because this Facebook case… has always been a big case. And now it is up to the European Court of Justice to say something on that,” he added. “If everything works well we might get a very clear ruling saying… as far as the ECN [European Competition Network] is concerned how far we can integrate GDPR in assessing competition matters.

“So Facebook has always been a big case — it might get even bigger in a certain sense.”

France’s competition authority and its national privacy regulator (the CNIL), meanwhile, have also been joint working in recent years.

Including over a competition complaint against Apple’s pro-user privacy App Tracking Transparency feature (which last month the antitrust watchdog declined to block) — so there’s evidence there too of respective oversight bodies seeking to bridge legal silos in order to crack the code of how to effectively regulate tech giants whose market power, panellists agreed, is predicated on earlier failures of competition law enforcement that allowed tech platforms to buy up rivals and sew up access to user data, entrenching advantage at the expense of user privacy and locking out the possibility of future competitive challenge.

The contention is that monopoly power predicated upon data access also locks consumers into an abusive relationship with platform giants which can then, in the case of ad giants like Google and Facebook, extract huge costs (paid not in monetary fees but in user privacy) for continued access to services that have also become digital staples — amping up the ‘winner takes all’ characteristic seen in digital markets (which is obviously bad for competition too).

Yet, traditionally at least, Europe’s competition authorities and data protection regulators have been focused on separate workstreams.

The consensus from the CEPR panels was very much that that is both changing and must change if civil society is to get a grip on digital markets — and wrest control back from tech giants to that ensure consumers and competitors aren’t both left trampled into the dust by data-mining giants.

Denham said her motivation to dial up collaboration with other digital regulators was the UK government entertaining the idea of creating a one-stop-shop ‘Internet’ super regulator. “What scared the hell out of me was the policymakers the legislators floating the idea of one regulator for the Internet. I mean what does that mean?” she said. “So I think what the regulators did is we got to work, we got busy, we become creative, got our of our silos to try to tackle these companies — the likes of which we have never seen before.

“And I really think what we have done in the UK — and I’m excited if others think it will work in their jurisdictions — but I think that what really pushed us is that we needed to show policymakers and the public that we had our act together. I think consumers and citizens don’t really care if the solution they’re looking for comes from the CMA, the ICO, Ofcom… they just want somebody to have their back when it comes to protection of privacy and protection of markets.

“We’re trying to use our regulatory levers in the most creative way possible to make the digital markets work and protect fundamental rights.”

During the earlier panel, the CMA’s Simeon Thornton, a director at the authority, made some interesting remarks vis-a-vis its (ongoing) Google ‘Privacy Sandbox’ investigation — and the joint working it’s doing with the ICO on that case — asserting that “data protection and respecting users’ rights to privacy are very much at the heart of the commitments upon which we are currently consulting”.

“If we accept the commitments Google will be required to develop the proposals according to a number of criteria including impacts on privacy outcomes and compliance with data protection principles, and impacts on user experience and user control over the use of their personal data — alongside the overriding objective of the commitments which is to address our competition concerns,” he went on, adding: “We have worked closely with the ICO in seeking to understand the proposals and if we do accept the commitments then we will continue to work closely with the ICO in influencing the future development of those proposals.”

“If we accept the commitments that’s not the end of the CMA’s work — on the contrary that’s when, in many respects, the real work begins. Under the commitments the CMA will be closely involved in the development, implementation and monitoring of the proposals, including through the design of trials for example. It’s a substantial investment from the CMA and we will be dedicating the right people — including data scientists, for example, to the job,” he added. “The commitments ensure that Google addresses any concerns that the CMA has. And if outstanding concerns cannot be resolved with Google they explicitly provide for the CMA to reopen the case and — if necessary — impose any interim measures necessary to avoid harm to competition.

“So there’s no doubt this is a big undertaking. And it’s going to be challenging for the CMA, I’m sure of that. But personally I think this is the sort of approach that is required if we are really to tackle the sort of concerns we’re seeing in digital markets today.”

Thornton also said: “I think as regulators we do need to step up. We need to get involved before the harm materializes — rather than waiting after the event to stop it from materializing, rather than waiting until that harm is irrevocable… I think it’s a big move and it’s a challenging one but personally I think it’s a sign of the future direction of travel in a number of these sorts of cases.”

Also speaking during the regulatory panel session was FTC commissioner Rebecca Slaughter — a dissenter on the $5BN fine it hit Facebook with back in 2019 for violating an earlier consent order (as she argued the settlement provided no deterrent to address underlying privacy abuse, leaving Facebook free to continue exploiting users’ data) — as well as Chris D’Angelo, the chief deputy AG of the New York Attorney General, which is leading a major states antitrust case against Facebook.

Slaughter pointed out that the FTC already combines a consumer focus with attention on competition but said that historically there has been separation of divisions and investigations — and she agreed on the need for more joined-up working.

She also advocated for US regulators to get out of a pattern of ineffective enforcement in digital markets on issues like privacy and competition where companies have, historically, been given — at best — what amounts to wrist slaps that don’t address root causes of market abuse, perpetuating both consumer abuse and market failure. And be prepared to litigate more.

As regulators toughen up their stipulations they will need to be prepared for tech giants to push back — and therefore be prepared to sue instead of accepting a weak settlement.

“That is what is most galling to me that even where we take action, in our best faith good public servants working hard to take action, we keep coming back to the same questions, again and again,” she said. “Which means that the actions we are taking isn’t working. We need different action to keep us from having the same conversation again and again.”

Slaughter also argued that it’s important for regulators not to pile all the burden of avoiding data abuses on consumers themselves.

“I want to sound a note of caution around approaches that are centered around user control,” she said. “I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how it’s being used, make decisions… I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.

“So I really worry about a framework that is built at all around the idea of control as the central tenant or the way we solve the problem. I’ll keep coming back to the notion of what instead we need to be focusing on is where is the burden on the firms to limit their collection in the first instance, prohibit their sharing, prohibit abusive use of data and I think that that’s where we need to be focused from a policy perspective.

“I think there will be ongoing debates about privacy legislation in the US and while I’m actually a very strong advocate for a better federal framework with more tools that facilitate aggressive enforcement but I think if we had done it ten years ago we probably would have ended up with a notice and consent privacy law and I think that that would have not been a great outcome for consumers at the end of the day. So I think the debate and discussion has evolved in an important way. I also think we don’t have to wait for Congress to act.”

As regards more radical solutions to the problem of market-denting tech giants — such as breaking up sprawling and (self-servingly) interlocking services empires — the message from Europe’s most ‘digitally switched on’ regulators seemed to be don’t look to us for that; we are going to have to stay in our lanes.

So tl;dr — if antitrust and privacy regulators’ joint working just sums to more intelligent fiddling round the edges of digital market failure, and it’s break-ups of US tech giants that’s what’s really needed to reboot digital markets, then it’s going to be up to US agencies to wield the hammers. (Or, as Coscelli elegantly phrased it: “It’s probably more realistic for the US agencies to be in the lead in terms of structural separation if and when it’s appropriate — rather than an agency like ours [working from inside a mid-sized economy such as the UK’s].”)

The lack of any representative from the European Commission on the panel was an interesting omission in that regard — perhaps hinting at ongoing ‘structural separation’ between DG Comp and DG Justice where digital policymaking streams are concerned.

The current competition chief, Margrethe Vestager — who also heads up digital strategy for the bloc, as an EVP — has repeatedly expressed reluctance to impose radical ‘break up’ remedies on tech giants. She also recently preferred to waive through another Google digital merger (its acquisition of fitness wearable Fitbit) — agreeing to accept a number of ‘concessions’ and ignoring major mobilization by civil society (and indeed EU data protection agencies) urging her to block it.

Yet in an earlier CEPR discussion session, another panellist — Yale University’s Dina Srinivasan — pointed to the challenges of trying to regulate the behavior of companies when there are clear conflicts of interest, unless and until you impose structural separation as she said has been necessary in other markets (like financial services).

“In advertising we have an electronically traded market with exchanges and we have brokers on both sides. In a competitive market — when competition was working — you saw that those brokers were acting in the best interest of buyers and sellers. And as part of carrying out that function they were sort of protecting the data that belonged to buyers and sellers in that market, and not playing with the data in other ways — not trading on it, not doing conduct similar to insider trading or even front running,” she said, giving an example of how that changed as Google gained market power.

“So Google acquired DoubleClick, made promises to continue operating in that manner, the promises were not binding and on the record — the enforcement agencies or the agencies that cleared the merger didn’t make Google promise that they would abide by that moving forward and so as Google gained market power in that market there’s no regulatory requirement to continue to act in the best interests of your clients, so now it becomes a market power issue, and after they gain enough market power they can flip data ownership and say ‘okay, you know what before you owned this data and we weren’t allowed to do anything with it but now we’re going to use that data to for example sell our own advertising on exchanges’.

“But what we know from other markets — and from financial markets — is when you flip data ownership and you engage in conduct like that that allows the firm to now build market power in yet another market.”

The CMA’s Coscelli picked up on Srinivasan’s point — saying it was a “powerful” one, and that the challenges of policing “very complicated” situations involving conflicts of interests is something that regulators with merger control powers should be bearing in mind as they consider whether or not to green light tech acquisitions.

(Just one example of a merger in the digital space that the CMA is still scrutizing is Facebook’s acquisition of animated GIF platform Giphy. And it’s interesting to speculate whether, had brexit happened a little faster, the CMA might have stepped in to block Google’s Fitibit merger where the EU wouldn’t.)

Coscelli also flagged the issue of regulatory under-enforcement in digital markets as a key one, saying: “One of the reasons we are today where we are is partially historic under-enforcement by competition authorities on merger control — and that’s a theme that is extremely interesting and relevant to us because after the exit from the EU we now have a bigger role in merger control on global mergers. So it’s very important to us that we take the right decisions going forward.”

“Quite often we intervene in areas where there is under-enforcement by regulators in specific areas… If you think about it when you design systems where you have vertical regulators in specific sectors and horizontal regulators like us or the ICO we are more successful if the vertical regulators do their job and I’m sure they are more success if we do our job properly.

“I think we systematically underestimate… the ability of companies to work through whatever behavior or commitments or arrangement are offered to us, so I think these are very important points,” he added, signalling that a higher degree of attention is likely to be applied to tech mergers in Europe as a result of the CMA stepping out from the EU’s competition regulation umbrella.

Also speaking during the same panel, the EDPS warned that across Europe more broadly — i.e. beyond the small but engaged gathering of regulators brought together by CEPR — data protection and competition regulators are far from where they need to be on joint working, implying that the challenge of effectively regulating big tech across the EU is still a pretty Sisyphean one.

It’s true that the Commission is not sitting on hands in the face of tech giant market power.

At the end of last year it proposed a regime of ex ante regulations for so-called ‘gatekeeper’ platforms, under the Digital Markets Act. But the problem of how to effectively enforce pan-EU laws — when the various agencies involved in oversight are typically decentralized across Member States — is one key complication for the bloc. (The Commission’s answer with the DMA was to suggest putting itself in charge of overseeing gatekeepers but it remains to be seen what enforcement structure EU institutions will agree on.)

Clearly, the need for careful and coordinated joint working across multiple agencies with different legal competencies — if, indeed, that’s really what’s needed to properly address captured digital markets vs structural separation of Google’s search and adtech, for example, and Facebook’s various social products — steps up the EU’s regulatory challenge in digital markets.

“We can say that no effective competition nor protection of the rights in the digital economy can be ensured when the different regulators do not talk to each other and understand each other,” Wiewiórowski warned. “While we are still thinking about the cooperation it looks a little bit like everybody is afraid they will have to trade a little bit of its own possibility to assess.”

“If you think about the classical regulators isn’t it true that at some point we are reaching this border where we know how to work, we know how to behave, we need a little bit of help and a little bit of understanding of the other regulator’s work… What is interesting for me is there is — at the same time — the discussion about splitting of the task of the American regulators joining the ones on the European side. But even the statements of some of the commissioners in the European Union saying about the bigger role the Commission will play in the data protection and solving the enforcement problems of the GDPR show there is no clear understanding what are the differences between these fields.”

One thing is clear: Big tech’s dominance of digital markets won’t be unpicked overnight. But, on both sides of the Atlantic, there are now a bunch of theories on how to do it — and growing appetite to wade in.

#advertising-tech, #amazon, #andreas-mundt, #competition-and-markets-authority, #competition-law, #congress, #data-processing, #data-protection, #data-protection-law, #data-security, #digital-markets-act, #digital-rights, #doubleclick, #elizabeth-denham, #europe, #european-commission, #european-court-of-justice, #european-union, #facebook, #federal-trade-commission, #financial-services, #fitbit, #france, #general-data-protection-regulation, #germany, #human-rights, #margrethe-vestager, #policy, #privacy, #uk-government, #united-kingdom, #united-states, #yale-university

UK’s ICO warns over ‘big data’ surveillance threat of live facial recognition in public

The UK’s chief data protection regulator has warned over reckless and inappropriate use of live facial recognition (LFR) in public places.

Publishing an opinion today on the use of this biometric surveillance in public — to set out what is dubbed as the “rules of engagement” — the information commissioner, Elizabeth Denham, also noted that a number of investigations already undertaken by her office into planned applications of the tech have found problems in all cases.

“I am deeply concerned about the potential for live facial recognition (LFR) technology to be used inappropriately, excessively or even recklessly. When sensitive personal data is collected on a mass scale without people’s knowledge, choice or control, the impacts could be significant,” she warned in a blog post.

“Uses we’ve seen included addressing public safety concerns and creating biometric profiles to target people with personalised advertising.

“It is telling that none of the organisations involved in our completed investigations were able to fully justify the processing and, of those systems that went live, none were fully compliant with the requirements of data protection law. All of the organisations chose to stop, or not proceed with, the use of LFR.”

“Unlike CCTV, LFR and its algorithms can automatically identify who you are and infer sensitive details about you. It can be used to instantly profile you to serve up personalised adverts or match your image against known shoplifters as you do your weekly grocery shop,” Denham added.

“In future, there’s the potential to overlay CCTV cameras with LFR, and even to combine it with social media data or other ‘big data’ systems — LFR is supercharged CCTV.”

The use of biometric technologies to identify individuals remotely sparks major human rights concerns, including around privacy and the risk of discrimination.

Across Europe there are campaigns — such as Reclaim your Face — calling for a ban on biometric mass surveillance.

In another targeted action, back in May, Privacy International and others filed legal challenges at the controversial US facial recognition company, Clearview AI, seeking to stop it from operating in Europe altogether. (Some regional police forces have been tapping in — including in Sweden where the force was fined by the national DPA earlier this year for unlawful use of the tech.)

But while there’s major public opposition to biometric surveillance in Europe, the region’s lawmakers have so far — at best — been fiddling around the edges of the controversial issue.

A pan-EU regulation the European Commission presented in April, which proposes a risk-based framework for applications of artificial intelligence, included only a partial prohibition on law enforcement’s use of biometric surveillance in public places — with wide ranging exemptions that have drawn plenty of criticism.

There have also been calls for a total ban on the use of technologies like live facial recognition in public from MEPs across the political spectrum. The EU’s chief data protection supervisor has also urged lawmakers to at least temporarily ban the use of biometric surveillance in public.

The EU’s planned AI Regulation won’t apply in the UK, in any case, as the country is now outside the bloc. And it remains to be seen whether the UK government will seek to weaken the national data protection regime.

A recent report it commissioned to examine how the UK could revise its regulatory regime, post-Brexit, has — for example — suggested replacing the UK GDPR with a new “UK framework” — proposing changes to “free up data for innovation and in the public interest”, as it puts it, and advocating for revisions for AI and “growth sectors”. So whether the UK’s data protection regime will be put to the torch in a post-Brexit bonfire of ‘red tape’ is a key concern for rights watchers.

(The Taskforce on Innovation, Growth and Regulatory Reform report advocates, for example, for the complete removal of Article 22 of the GDPR — which gives people rights not to be subject to decisions based solely on automated processing — suggesting it be replaced with “a focus” on “whether automated profiling meets a legitimate or public interest test”, with guidance on that envisaged as coming from the Information Commissioner’s Office (ICO). But it should also be noted that the government is in the process of hiring Denham’s successor; and the digital minister has said he wants her replacement to take “a bold new approach” that “no longer sees data as a threat, but as the great opportunity of our time”. So, er, bye-bye fairness, accountability and transparency then?)

For now, those seeking to implement LFR in the UK must comply with provisions in the UK’s Data Protection Act 2018 and the UK General Data Protection Regulation (aka, its implementation of the EU GDPR which was transposed into national law before Brexit), per the ICO opinion, including data protection principles set out in UK GDPR Article 5, including lawfulness, fairness, transparency, purpose limitation, data minimisation, storage limitation, security and accountability.

Controllers must also enable individuals to exercise their rights, the opinion also said.

“Organisations will need to demonstrate high standards of governance and accountability from the outset, including being able to justify that the use of LFR is fair, necessary and proportionate in each specific context in which it is deployed. They need to demonstrate that less intrusive techniques won’t work,” wrote Denham. “These are important standards that require robust assessment.

“Organisations will also need to understand and assess the risks of using a potentially intrusive technology and its impact on people’s privacy and their lives. For example, how issues around accuracy and bias could lead to misidentification and the damage or detriment that comes with that.”

The timing of the publication of the ICO’s opinion on LFR is interesting in light of wider concerns about the direction of UK travel on data protection and privacy.

If, for example, the government intends to recruit a new, ‘more pliant’ information commissioner — who will happily rip up the rulebook on data protection and AI, including in areas like biometric surveillance — it will at least be rather awkward for them to do so with an opinion from the prior commissioner on the public record that details the dangers of reckless and inappropriate use of LFR.

Certainly, the next information commissioner won’t be able to say they weren’t given clear warning that biometric data is particularly sensitive — and can be used to estimate or infer other characteristics, such as their age, sex, gender or ethnicity.

Or that ‘Great British’ courts have previously concluded that “like fingerprints and DNA [a facial biometric template] is information of an ‘intrinsically private’ character”, as the ICO opinion notes, while underlining that LFR can cause this super sensitive data to be harvested without the person in question even being aware it’s happening. 

Denham’s opinion also hammers hard on the point about the need for public trust and confidence for any technology to succeed, warning that: “The public must have confidence that its use is lawful, fair, transparent and meets the other standards set out in data protection legislation.”

The ICO has previously published an Opinion into the use of LFR by police forces — which she said also sets “a high threshold for its use”. (And a few UK police forces — including the Met in London — have been among the early adopters of facial recognition technology, which has in turn led some into legal hot water on issues like bias.)

Disappointingly, though, for human rights advocates, the ICO opinion shies away from recommending a total ban on the use of biometric surveillance in public by private companies or public organizations — with the commissioner arguing that while there are risks with use of the technology there could also be instances where it has high utility (such as in the search for a missing child).

“It is not my role to endorse or ban a technology but, while this technology is developing and not widely deployed, we have an opportunity to ensure it does not expand without due regard for data protection,” she wrote, saying instead that in her view “data protection and people’s privacy must be at the heart of any decisions to deploy LFR”.

Denham added that (current) UK law “sets a high bar to justify the use of LFR and its algorithms in places where we shop, socialise or gather”.

“With any new technology, building public trust and confidence in the way people’s information is used is crucial so the benefits derived from the technology can be fully realised,” she reiterated, noting how a lack of trust in the US has led to some cities banning the use of LFR in certain contexts and led to some companies pausing services until rules are clearer.

“Without trust, the benefits the technology may offer are lost,” she also warned.

There is one red line that the UK government may be forgetting in its unseemly haste to (potentially) gut the UK’s data protection regime in the name of specious ‘innovation’. Because if it tries to, er, ‘liberate’ national data protection rules from core EU principles (of lawfulness, fairness, proportionality, transparency, accountability and so on) — it risks falling out of regulatory alignment with the EU, which would then force the European Commission to tear up a EU-UK data adequacy arrangement (on which the ink is still drying).

The UK having a data adequacy agreement from the EU is dependent on the UK having essentially equivalent protections for people’s data. Without this coveted data adequacy status UK companies will immediately face far greater legal hurdles to processing the data of EU citizens (as the US now does, in the wake of the demise of Safe Harbor and Privacy Shield). There could even be situations where EU data protection agencies order EU-UK data flows to be suspended altogether…

Obviously such a scenario would be terrible for UK business and ‘innovation’ — even before you consider the wider issue of public trust in technologies and whether the Great British public itself wants to have its privacy rights torched.

Given all this, you really have to wonder whether anyone inside the UK government has thought this ‘regulatory reform’ stuff through. For now, the ICO is at least still capable of thinking for them.

 

#artificial-intelligence, #biometrics, #clearview-ai, #data-protection, #data-protection-law, #elizabeth-denham, #europe, #european-commission, #european-union, #facial-recognition, #general-data-protection-regulation, #information-commissioners-office, #law-enforcement, #privacy, #privacy-international, #safe-harbor, #surveillance, #tc, #uk-government, #united-kingdom

UK’s CMA opens market study into Apple, Google’s mobile “duopoly”

The UK’s competition watchdog will take a deep dive look into Apple and Google’s dominance of the mobile ecosystem, it said today — announcing a market study which will examine the pair’s respective smartphone platforms (iOS and Android); their app stores (App Store and Play Store); and web browsers (Safari and Chrome). 

The Competition and Markets Authority (CMA) is concerned that the mobile platform giants’ “effective duopoly” in those areas  might be harming consumers, it added.

The study will be wide ranging, with the watchdog concerns about the nested gateways that are created as a result of the pair’s dominance of mobile ecosystem — intermediating how consumers can access a variety of products, content and services (such as music, TV and video streaming; fitness tracking, shopping and banking, to cite some of the examples provided by the CMA).

“These products also include other technology and devices such as smart speakers, smart watches, home security and lighting (which mobiles can connect to and control),” it went on, adding that it’s looking into whether their dominance of these pipes is “stifling competition across a range of digital markets”, saying too that it’s “concerned this could lead to reduced innovation across the sector and consumers paying higher prices for devices and apps, or for other goods and services due to higher advertising prices”.

The CMA further confirmed the deep dive will examine “any effects” of the pair’s market power over other businesses — giving the example of app developers who rely on Apple or Google to market their products to customers via their smart devices.

The watchdog already has an open investigation into Apple’s App Store, following a number of antitrust complaints by developers.

It is investigating Google’s planned depreciation of third party tracking cookies too, after complaints by adtech companies and publishers that the move could harm competition. (And just last week the CMA said it was minded to accept a series of concessions offered by Google that would enable the regulator to stop it turning off support for cookies entirely if it believes the move will harm competition.)

The CMA said both those existing investigations are examining issues that fall within the scope of the new mobile ecosystem market study but that its work on the latter will be “much broader”.

It added that it will adopt a joined-up approach across all related cases — “to ensure the best outcomes for consumers and other businesses”.

It’s giving itself a full year to examine Gapple’s mobile ecosystems.

It is also soliciting feedback on any of the issues raised in its statement of scope — calling for responses by 26 July. The CMA added that it’s also keen to hear from app developers, via its questionnaire, by the same date.

Taking on tech giants

The watchdog has previously scrutinized the digital advertising market — and found plenty to be concerned about vis-a-vis Google’s dominance there.

That earlier market study has been feeding the UK government’s plan to reform competition rules to take account of the market-deforming power of digital giants. And the CMA suggested the new market study, examining ‘Gapple’s’ mobile muscle, could similarly help shape UK-wide competition law reforms.

Last year the UK announced its plan to set up a “pro-competition” regime for regulating Internet platforms — including by establishing a dedicated Digital Markets Unit within the CMA (which got going earlier this year).

The legislation for the reform has not yet been put before parliament but the government has said it wants the competition regulator to be able to “proactively shape platforms’ behavior” to avoid harmful behavior before it happens” — saying too that it supports enabling ex ante interventions once a platform has been identified to have so-called “strategic market status”.

Germany already adopted similar reforms to its competition law (early this year), which enable proactive interventions to tackle large digital platforms with what is described as “paramount significance for competition across markets”. And its Federal Cartel Office has, in recent months, wasted no time in opening a number of proceedings to determine whether Amazon, Google and Facebook have such a status.

The CMA also sounds keen to get going to tackle Internet gatekeepers.

Commenting in a statement, CEO Andrea Coscelli said:

“Apple and Google control the major gateways through which people download apps or browse the web on their mobiles – whether they want to shop, play games, stream music or watch TV. We’re looking into whether this could be creating problems for consumers and the businesses that want to reach people through their phones.

“Our ongoing work into big tech has already uncovered some worrying trends and we know consumers and businesses could be harmed if they go unchecked. That’s why we’re pressing on with launching this study now, while we are setting up the new Digital Markets Unit, so we can hit the ground running by using the results of this work to shape future plans.”

The European Union also unveiled its own proposals for clipping the wings of big tech last year — presenting its Digital Markets Act plan in December which will apply a single set of operational rules to so-called “gatekeeper” platforms operating across the EU.

The clear trend in Europe on digital competition is toward increasing oversight and regulation of the largest platforms — in the hopes that antitrust authorities can impose measures that will help smaller players thrive.

Critics might say that’s just playing into the tech giants’ hands, though — because it’s fiddling around the edges when more radical intervention (break ups) are what’s really needed to reboot captured markets.

Apple and Google were contacted for comment on the CMA’s market study.

A Google spokesperson said: “Android provides people with more choice than any other mobile platform in deciding which apps they use, and enables thousands of developers and manufacturers to build successful businesses. We welcome the CMA’s efforts to understand the details and differences between platforms before designing new rules.”

According to Google, the Android App Economy generated £2.8BN in revenue for UK developers last year, which it claims supported 240,000 jobs across the country — citing a Public First report that it commissioned.

The tech giant also pointed to operational changes it has already made in Europe, following antitrust interventions by the European Commission — such as adding a choice screen to Android where users can pick from a list of alternative search engines.

Earlier this month it agreed to shift the format underlying that choice screen from an unpopular auction model to free participation.

#amazon, #android, #app-store, #apple, #apple-inc, #big-tech, #cma, #competition-and-markets-authority, #competition-law, #digital-markets-act, #digital-markets-unit, #duopoly, #europe, #european-commission, #european-union, #germany, #google, #ios, #mobile, #policy, #smartphone, #smartphones, #uk-government, #united-kingdom, #web-browsers

What Are The Roadblocks to a Covid Vaccine Passport?

Creating a digital certificate of vaccination against the coronavirus is one of the hottest debates right now. What’s keeping it from happening, and why are some people opposed?

#airlines-and-airplanes, #centers-for-disease-control-and-prevention, #computers-and-the-internet, #coronavirus-2019-ncov, #electronic-health-records, #european-commission, #mobile-applications, #privacy, #quarantine-life-and-culture, #states-us, #travel-and-vacations, #vaccination-and-immunization, #vaccination-proof-and-immunization-records

Meet Big Tech’s Tormenter in Chief

Margrethe Vestager is the European regulator trying to do something audacious: get companies like Apple, Amazon and Facebook to play fair and pay taxes.

#amazon-com-inc, #antitrust-laws-and-competition-issues, #apple-inc, #computers-and-the-internet, #corporate-taxes, #european-commission, #facebook-inc, #google-inc, #vestager-margrethe

Yellen’s New Alliance Against Leprechauns

Is the world finally ready to take on tax havens?

#apple-inc, #corporate-taxes, #corporations, #european-commission, #ireland, #tax-shelters, #taxation, #yellen-janet-l

Facebook’s use of ad data triggers antitrust probes in UK and EU

Facebook is facing a fresh pair of antitrust probes in Europe.

The UK’s Competition and Markets Authority (CMA) and the EU’s Competition Commission both announced formal investigations into the social media giant’s operations today — with what’s likely to have been co-ordinated timing.

The competition regulators will scrutinize how Facebook uses data from advertising customers and users of its single sign-on tool — specifically looking at whether it uses this data as an unfair lever against competitors in markets such as classified ads.

The pair also said they will seek to work closely together as their independent investigations progress.

With the UK outside the European trading bloc (post-Brexit), the national competition watchdog has a freer rein to pursue investigations that may be similar to or overlap with antitrust probes the EU is also undertaking.

And the two Facebook investigations do appear similar on the surface — with both broadly focused on how Facebook uses advertising data. (Though outcomes could of course differ.)

The danger for Facebook, here, is that a higher dimension of scrutiny will be applied to its business as a result of dual regulatory action — with the opportunity for joint working and cross-referencing of its responses (not to mention a little investigative competition between the UK and the EU’s agencies).

The CMA said it’s looking at whether Facebook has gained an unfair advantage over competitors in providing services for online classified ads and online dating through how it gathers and uses certain data.

Specifically, the UK’s regulator said it’s concerned that Facebook might have gained an unfair advantage over competitors providing services for online classified ads and online dating.

Facebook plays in both spaces of course, via Facebook Marketplace and Facebook Dating respectively.

In a statement on its action, CMA CEO, Andrea Coscelli, said: “We intend to thoroughly investigate Facebook’s use of data to assess whether its business practices are giving it an unfair advantage in the online dating and classified ad sectors. Any such advantage can make it harder for competing firms to succeed, including new and smaller businesses, and may reduce customer choice.”

The European Commission’s investigation will — similarly — focus on whether Facebook violated the EU’s competition rules by using advertising data gathered from advertisers in order to compete with them in markets where it is active.

Although it only cites classified ads as its example of the neighbouring market of particular concern for its probe.

The EU’s probe has another element, though, as it said it’s also looking at whether Facebook ties its online classified ads service to its social network in breach of the bloc’s competition rules.

In a separate (national) action, Germany’s competition authority opened a similar probe into Facebook tying Oculus to use of a Facebook account at the end of last year. So Facebook now has multiple antitrust probes on its plate in Europe, adding to its woes from the massive states antitrust lawsuit filed against it on home turf also back in December 2020.

“When advertising their services on Facebook, companies, which also compete directly with Facebook, may provide it commercially valuable data. Facebook might then use this data in order to compete against the companies which provided it,” the Commission noted in a press release.

“This applies in particular to online classified ads providers, the platforms on which many European consumers buy and sell products. Online classified ads providers advertise their services on Facebook’s social network. At the same time, they compete with Facebook’s own online classified ads service, ‘Facebook Marketplace’.”

The Commission added that a preliminary investigation it already undertook has raised concerns Facebook is distorting the market for online classified ads services. It will now take an in-depth look in order to make a full judgement on whether the social media behemoth is breaking EU competition rules.

Commenting in a statement, EVP Margrethe Vestager, who also heads up competition policy for the bloc, added: “Facebook is used by almost 3 billion people on a monthly basis and almost 7 million firms advertise on Facebook in total. Facebook collects vast troves of data on the activities of users of its social network and beyond, enabling it to target specific customer groups. We will look in detail at whether this data gives Facebook an undue competitive advantage in particular on the online classified ads sector, where people buy and sell goods every day, and where Facebook also competes with companies from which it collects data. In today’s digital economy, data should not be used in ways that distort competition.”

Reached for comment on the latest European antitrust probes, Facebook sent us this statement:

“We are always developing new and better services to meet evolving demand from people who use Facebook. Marketplace and Dating offer people more choices and both products operate in a highly competitive environment with many large incumbents. We will continue to cooperate fully with the investigations to demonstrate that they are without merit.”

Up til now, Facebook has been a bit of a blind spot for the Commission’s competition authority — with multiple investigations and enforcements chalked up by the bloc against other tech giants, such as (most notably) Google and Amazon.

But Vestager’s Facebook ‘dry patch’ has now formally come to an end.

The CMA, meanwhile, is working on wider pro-competition regulatory reforms aimed squarely at tech giants like Facebook and Google under a UK plan to clip the wings of the adtech duopoly.

 

#advertising-data, #amazon, #antitrust, #big-tech, #cma, #competition-and-markets-authority, #europe, #european-commission, #european-union, #facebook, #germany, #google, #margrethe-vestager, #policy, #social, #social-media, #social-network, #united-kingdom

Facebook Faces Two Antitrust Inquiries in Europe

European Union and British regulators are investigating whether Facebook’s “vast troves of data” give Facebook Marketplace an unfair advantage.

#antitrust-laws-and-competition-issues, #european-commission, #european-union, #social-media

EU and Bill Gates make joint push for $1BN to accelerate clean tech

The European Commission has announced a partnership with Bill Gates’ sustainable energy funding vehicle with the goal of unlocking new investments for clean tech and sustainable energy projects totalling up to $1BN (€820M) over five years (2022-2026).

EU-based projects the partnership will focus on initially fall into four sectors which are being prioritized for their potential to deliver substantial reductions in regional emissions — namely:

  • Green hydrogen;
  • Sustainable aviation fuels;
  • Direct air capture;
  • Long-duration energy storage.

The goal is to scale technologies which are currently too expensive to compete with fossil fuel-based incumbent technologies.

The pair said they will continue to work on setting up the program over the coming months, with an eye on having something further to announce at the COP-26 conference in November.

It’s not the first time the Commission and Gates’ Breakthrough Energy organization have worked together on funding sustainable investment. But the scale of this latest partnership dwarfs the €100M fund the EU established back in 2019 with its venture investment funding arm.

Now the Commission has partnered with Breakthrough Energy Catalyst — a financing program within Gates’ organization that aims to accelerate the development and adoption of technologies needed to underpin a low-carbon economy — to mobilize up to 10x more than the earlier fund to build large-scale, commercial demonstration projects for clean technologies.

The overarching goal is of course to lower the costs and accelerate deployment of clean tech in order to deliver significant reductions in CO2 emissions in line with the Paris Agreement.

The bloc is a major emitter of CO2 but has committed to achieving net-zero emissions by 2050, under the European Green Deal.

Gates’ philosophy with his 2015-founded Breakthrough Energy vehicle, meanwhile, is that renewables alone won’t be enough to avert catastrophic climate change — and investments in a range of high risk but potentially high reward technologies is also needed.

But given the lengthy time-scales needed for a return on these types of investments public-private partnerships look like a key piece of the financing puzzle.

Commenting on the partnership announcement in a statement, EU president Ursula von der Leyen, said: “With our European Green Deal, Europe wants to become the first climate-neutral continent by 2050. And Europe has also the great opportunity to become the continent of climate innovation. For this, the European Commission will mobilise massive investments in new and transforming industries over the next decade. This is why I’m glad to join forces with Breakthrough Energy. Our partnership will support EU businesses and innovators to reap the benefits of emission-reducing technologies and create the jobs of tomorrow.”

In another supporting statement, Gates, founder of Breakthrough Energy, added: “Decarbonising the global economy is the greatest opportunity for innovation the world has ever seen. Europe will play a critical role, having demonstrated an early and consistent commitment to climate and longstanding leadership in science, engineering, and technology. Through this partnership, Europe will lay solid ground for a net-zero future in which clean technologies are reliable, available, and affordable for all.”

On the EU side, funding for the partnership is expected to come from the bloc’s flagship R&D fund, Horizon Europe, and also via the low-carbon-focused Innovation Fund within the framework of the InvestEU program.

Breakthrough Energy Catalyst will mobilise equivalent private capital and philanthropic funds to finance selected projects.

The partnership will also be open to national investments by EU Member States through InvestEU or at project level, the Commission noted. It added that a call for expressions of interest for potential InvestEU implementing partners is currently open until June 30 2021.

Renewable energy and clean(er) transport were also key focus areas for the massive €750BN ‘Next Generation EU’ coronavirus recovery fund put together by the Commission last year — which said it would borrow money on the financial markets through the issuance of bonds for post-pandemic recovery — with that money pegged to be channelled through EU programs between 2021 and 2024.

The bloc’s lawmakers have also suggested that digitization and AI technologies — which are other areas it’s pegged for major investment — will play a key supporting role in Europe’s green transition.

 

#bill-gates, #carbon-capture, #clean-tech, #energy-storage, #europe, #european-commission, #european-union, #green-hydrogen, #greentech, #low-carbon, #sustainable-aviation-fuel, #sustainable-energy, #ursula-von-der-leyen

EU bodies’ use of US cloud services from AWS, Microsoft being probed by bloc’s privacy chief

Europe’s lead data protection regulator has opened two investigations into EU institutions’ use of cloud services from U.S. cloud giants, Amazon and Microsoft, under so called Cloud II contracts inked earlier between European bodies, institutions and agencies and AWS and Microsoft.

A separate investigation has also been opened into the European Commission’s use of Microsoft Office 365 to assess compliance with earlier recommendations, the European Data Protection Supervisor (EDPS) said today.

Wojciech Wiewiórowski is probing the EU’s use of U.S. cloud services as part of a wider compliance strategy announced last October following a landmark ruling by the Court of Justice (CJEU) — aka, Schrems II — which struck down the EU-US Privacy Shield data transfer agreement and cast doubt upon the viability of alternative data transfer mechanisms in cases where EU users’ personal data is flowing to third countries where it may be at risk from mass surveillance regimes.

In October, the EU’s chief privacy regulator asked the bloc’s institutions to report on their transfers of personal data to non-EU countries. This analysis confirmed that data is flowing to third countries, the EDPS said today. And that it’s flowing to the U.S. in particular — on account of EU bodies’ reliance on large cloud service providers (many of which are U.S.-based).

That’s hardly a surprise. But the next step could be very interesting as the EDPS wants to determine whether those historical contracts (which were signed before the Schrems II ruling) align with the CJEU judgement or not.

Indeed, the EDPS warned today that they may not — which could thus require EU bodies to find alternative cloud service providers in the future (most likely ones located within the EU, to avoid any legal uncertainty). So this investigation could be the start of a regulator-induced migration in the EU away from U.S. cloud giants.

Commenting in a statement, Wiewiórowski said: “Following the outcome of the reporting exercise by the EU institutions and bodies, we identified certain types of contracts that require particular attention and this is why we have decided to launch these two investigations. I am aware that the ‘Cloud II contracts’ were signed in early 2020 before the ‘Schrems II’ judgement and that both Amazon and Microsoft have announced new measures with the aim to align themselves with the judgement. Nevertheless, these announced measures may not be sufficient to ensure full compliance with EU data protection law and hence the need to investigate this properly.”

Amazon and Microsoft have been contacted with questions regarding any special measures they have applied to these Cloud II contracts with EU bodies.

The EDPS said it wants EU institutions to lead by example. And that looks important given how, despite a public warning from the European Data Protection Board (EDPB) last year — saying there would be no regulatory grace period for implementing the implications of the Schrems II judgement — there hasn’t been any major data transfer fireworks yet.

The most likely reason for that is a fair amount of head-in-the-sand reaction and/or superficial tweaks made to contracts in the hopes of meeting the legal bar (but which haven’t yet been tested by regulatory scrutiny).

Final guidance from the EDPB is also still pending, although the Board put out detailed advice last fall.

The CJEU ruling made it plain that EU law in this area cannot simply be ignored. So as the bloc’s data regulators start scrutinizing contracts that are taking data out of the EU some of these arrangement are, inevitably, going to be found wanting — and their associated data flows ordered to stop.

To wit: A long-running complaint against Facebook’s EU-US data transfers — filed by the eponymous Max Schrems, a long-time EU privacy campaigners and lawyer, all the way back in 2013 — is slowing winding toward just such a possibility.

Last fall, following the Schrems II ruling, the Irish regulator gave Facebook a preliminary order to stop moving Europeans’ data over the pond. Facebook sought to challenge that in the Irish courts but lost its attempt to block the proceeding earlier this month. So it could now face a suspension order within months.

How Facebook might respond is anyone’s guess but Schrems suggested to TechCrunch last summer that the company will ultimately need to federate its service, storing EU users’ data inside the EU.

The Schrems II ruling does generally look like it will be good news for EU-based cloud service providers which can position themselves to solve the legal uncertainty issue (even if they aren’t as competitively priced and/or scalable as the dominant US-based cloud giants).

Fixing U.S. surveillance law, meanwhile — so that it gets independent oversight and accessible redress mechanisms for non-citizens in order to no longer be considered a threat to EU people’s data, as the CJEU judges have repeatedly found — is certainly likely to take a lot longer than ‘months’. If indeed the US authorities can ever be convinced of the need to reform their approach.

Still, if EU regulators finally start taking action on Schrems II — by ordering high profile EU-US data transfers to stop — that might help concentrate US policymakers’ minds toward surveillance reform. Otherwise local storage may be the new future normal.

#amazon, #aws, #cloud, #cloud-services, #data-protection, #data-protection-law, #data-security, #eu-us-privacy-shield, #europe, #european-commission, #european-data-protection-board, #european-union, #facebook, #lawyer, #max-schrems, #microsoft, #privacy, #surveillance-law, #united-states, #wojciech-wiewiorowski