merger scrutiny enhanced, policy programme agreed, Data Act kicks off – | #cybersecurity | #cyberattack

Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here


“We are on the right track to putting an end to killer acquisitions that stifle innovation.”

-MEP Stéphanie Yon-Courtin


Story of the week: The EU’s General Court has upheld an expansive interpretation of the EU Merger Regulation in a case centred on an acquisition of one US biotechnology company by another. The deal fell below the national thresholds, still, it was considered to have potentially significant implications for the national markets of several member states. This broader interpretation of merger control rules was pushed as part of guidance to Article 22 of the Merger Regulation, which for the first time was put to the test in court- and survived.

Therefore, this week’s ruling opens up the possibility that even small acquisitions could be subject to EU scrutiny should they possibly affect trade between member states. Not to open the net too wide, the EU court made clear that the relevance limit should be taken seriously. Still, it confirms the trend of competition authorities stepping up their game for acquisitions that might not directly impact their market of jurisdiction. As a result, the Commission might be able to step in on killer acquisitions of Big Tech, bolstered by the notification and temporary freeze included under the Digital Markets Act. Read more.


Don’t miss: The EU co-legislators reached a political agreement on a new policy framework, the Path to the Digital Decade, envisioned as a tool to help national governments reach the EU’s Digital Decade Targets. The agreement was reached in just one month of interinstitutional negotiations, under huge political pressure from the European Commission. The EU Council won most of its battles: any reference to the radio spectrum was removed, the recommendations were turned into ‘mutually agreed conclusions’ of a structured dialogue, and the frequency of the cooperation will be every two years. Lawmakers removed the word ‘costs’ in recital 7a, referring to the fair share and any hints to the idea under Art. 2. The reference to the regional dimensions was also largely maintained, and the Commission will also consider them in its annual assessments. Read more.


Also this week

  • The Czech Presidency shared the first partial compromise on the Data Act.
  • Amazon put forth concessions to close an EU antitrust probe.
  • European cloud service providers insist on sovereignty requirements in ENISA’s certification scheme.
  • The Uber Files are set to negatively impact the platforms’ position on the platform worker directive.
  • France opens a new chip factory to be operational by 2026.
  • Media freedom features large in the Commission’s annual rule of law reports.
  • The UK’s Online Safety Bill faces an uncertain destiny as the country plums into political chaos.


Before we start: Julia Hess and Jan-Peter Kleinhans, technology and geopolitics experts at the German think tank Stiftung Neue Verantwortung, share their assessment of the Chips Act as it is proposed and explain what they would change, particularly in pillar three. Instead of supply chain monitoring, they suggest that governments should perform value chain mapping and leave the former to the industry.

Chips Act: supply chain monitoring versus value chain mapping

Julia Hess and Jan-Peter Kleinhans, Technology and Geopolitics experts at the German Think Tank Stiftung Neue Verantwortung, share their assessment of the Chips Act as it is proposed and explain what they would change, particularly in pillar three. Instead of supply chain …


Artificial Intelligence

The blame game. The vote for the opinion report on the AI Act in the JURI committee has been postponed to after the summer break, with the EPP and Green groups blaming each other. The rapporteur Alex Voss requested the other groups withdraw the amendments outside the compromise. While most political groups reluctantly agreed, the Greens (followed by the Left) stood their ground, stressing that if they knew this was going to be the case, they would have insisted more on certain compromises. The shadow rapporteur, Sergey Lagodinsky, insisted on tabling six amendments: prohibited practices, human oversight, transparency, digital asymmetry and dark patterns, corporate sustainable reporting and due diligence, secondary legislation and Annex III reviews.

Disagreement after agreement. The clash comes after the compromise actually reached a broad majority (that includes the Greens). Voss’ original ideas on AI literacy, trustworthy criteria and consistency mechanism largely remained in the proposal. The report also includes rights and remedies, consistently with the fact that the European Parliament is enhancing the proposal on all redress fronts. Unsurprisingly, the part of biometrics has proven one of the most controversial ones, as the voting list seen by EURACTIV mentions a separate vote for the transparency obligations that would apply to law enforcement. In addition, the risk management approach is very business-oriented, consistently with the EPP’s line.

Facial recognition fines. The Greek data protection authority fined controversial AI company Clearview €20 million this week, the watchdog’s highest GDPR fine ever issued over the company’s “intrusive practices”. Accompanying the fine is a ban on the company collecting and processing the personal data of individuals located in Greece using facial recognition technologies and an order requiring that any such data already collected should be deleted. This is far from the first such fine levied against Clearview and stems from complaints filed by an alliance of civil society organisations last year with data protection authorities in several countries.

Not the only one. Scrutiny on companies that have based their business model on biometric data is ramping up. A group of MEPs from across the aisle has called for clarification from the Commission on the legal basis of collecting biometric data and building private databases of people’s images. This relates to concerns about PimEyes, a company that uses biometric recognition technology to create a database of people’s images, collected from the internet. The priority question, seen by EURACTIV, points out the dangers that these databases could contain compromising images, including, for example, “revenge porn”, which could then be accessed by employers, for instance. The lawmakers ask for information about the standing of these companies concerning the GDPR, as well as on the right to one’s own image and personality in light of these databases and how the AI Act will address these concerns.


Amazon’s pledge. The Commission has initiated a public consultation after Amazon committed not to use the data of third-party sellers for its own benefit. The platform’s pledge to Brussels results from an investigation launched by the EU in 2019, which focused on how the e-commerce giant might have undermined competitors by using their data to develop and sell its own products. These commitments anticipate obligations included in the DMA, which will apply as of next year. Amazon also committed to opening up the criteria for accessing its fidelity programme Prime and Buy Box. Read more. 

Data portability competition. Italy’s competition authority has launched an investigation into Google on the suspicion that it has abused its dominant market position to hinder interoperability regarding data sharing with other platforms. The watchdog charges that the tech firm’s behaviour infringes on the portability of personal data under the GDPR, limiting the benefits available to customers and the ability of these other players to engage in innovative forms of data use, restricting competition as a result. The inquiry began on Wednesday with an inspection of Google’s Italian offices.


EUCS backlash. European cloud companies have mobilised to insist on their point that the EU’s cybersecurity agency, ENISA, should include sovereignty requirements in its upcoming cloud certification scheme (EUCS). In a letter sent to ENISA this week, 34 signatories call on the executive agency to use the scheme as an opportunity to ensure trust and transparency in cloud services. The scheme was due to receive the opinion of the European Cybersecurity Certification Group a few days ago, but the discussion was postponed to September as several member states, most notably Germany, are conflicted on the path to take. Read more.

A wolf in sheep’s clothing? The German Federal Ministry of Interior presented its ambitious cybersecurity agenda on Tuesday (12 July) amidst rising cyber threats. It focuses on strong, modernised security architecture, a high level of cybersecurity protection, and the resilience of critical infrastructure. However, critics say several proposed measures, such as active cyber defence, the increased power of authorities or the potential breaking of end-to-end encryption, have little to do with cybersecurity. The topic of fighting child sexual abuse material was also addressed by Interior Minister Nancy Faeser, who introduced the agenda, although experts believe the so-called ‘chat control’ would endanger cybersecurity. Read more.

Cyber double-edge sword. Russia experienced the most data breaches in the second quarter of 2022, according to data published by VPN provider Surfshark this week. For the second quarter in a row, Russia came first in global rankings of breached accounts, totalling 28.78 million. Spikes in breaches have also been recorded in all the Baltic states – by as much as 612% in Lithuania – and the Czech Republic, as well as in Ukraine, which has seen a 183% increase since the last quarter.

NIS2 voted in ITRE. The Consolidated text of the NIS2 directive was adopted with strong support by the ITRE committee this week. The plenary vote is likely to take place in October, as the schedule of the September plenary is already full.

Data & Privacy

First partial compromise. The Czech Presidency circulated its first partial compromise text on the Data Act this week, setting out proposals for alignment with definitions found in EU data protection law, trade secret safeguards and a ban on dark patterns. Also included in the text, seen by EURACTIV, were measures that would create stricter dividing lines between regulation on Business-to-Business and Business-to-Customer relations and expanded exemptions for medium-sized companies. The document will form the basis of technical discussions in the upcoming Telecom Working Party, which meets on 19 July. Read more.

Warning received. TikTok suspended an imminent change to its personalised ads policy this week after pushback from the data protection authorities of both Ireland and Italy. Italy’s watchdog ruled this week that the company’s move to deploy personalised ads based on user behaviour violates both the EU’s ePrivacy directive and Italian law, issuing a formal warning to the platform that the plans had an inadequate legal basis. In response to contact with both agencies, TikTok stepped back from the changes a day before they were due to go into effect.

EU-Russia data transfers. In a statement adopted by the European Data Protection Board (EDPB) this week, the authority has called on member states engaging in data transfers with Russia, which does not have an EU adequacy ruling, to assess their legal basis and review whether additional safeguards are needed to ensure equal levels of protection for data subjects as they would receive within the EU. One point within the statement has caused some controversy, however. The EDPB highlights the “close economic and historic ties” that some member states have with Russia, and the increased data flows this leads to, writing that national authorities should monitor legislative changes in the country that could have implications for data transfer protections. This led to criticism from some observers who argued that “historic ties” were not usually invoked in guidance on transfers to third countries, especially since the same argument was not used with countries that are politically much closer to the EU.

Study time. The Parliament’s Research Service published a study this week examining different models for a sustainable and just data governance framework. Amongst its recommendations were that the EU should better define data as a public good, that cohesion within the EU’s approach to data governance is improved, collective decision-making is given a more central role, and data governance tools and goals are contextualised in relation to the public goods they can serve to deliver.

GDPR – four years after. Introducing new binding measures to clarify the enforcement of the GDPR, increasing the number of joint investigations and growing the resources of national data protection bodies are just some of the recommendations on improving the landmark legislation’s enforcement issued by Access Now this week. Directed towards authorities at both EU and national levels, the report also outlines the slow resolution of cross-border cases and differences in national laws and the practices of national data protection authorities as key issues in GDPR enforcement.


Political ads discussion. Protecting the integrity of elections is a “never-ending game of whack-a-mole”, Nobel Peace Prize-winner Maria Ressa told the IMCO committee this week in a hearing on the proposed political advertising regulation. The session, which also featured Carole Cadwalladr, the investigative journalist who helped to expose the Cambridge Analytica scandal, and a number of disinformation and digital experts, preceded a debate on the draft report on the proposal released last month by IMCO rapporteur Sandro Gozi. While most groups in the Parliament proved largely supportive of the regulation in principle and many of Gozi’s suggestions, repeated calls were made for clarification of definitions and further work in areas including ad libraries, targeting and alignment with the DSA.

Gig economy

The Uber Files revelations come at a particularly relevant time for Brussels, as preparations for the EU’s directive on platform workers continue. The revelations are bound to negatively affect the argument of the platforms as well as the position of France, which so far has been leading the bloc of countries sceptical over the proposal. The critics have already made a link between Uber’s close links with top French officials, including President Emmanuel Macron, and the little progress made by the directive in the EU Council under the French Presidency. The European Trade Union requested MEPs not to take the plenary vote (which is still months away) until a swift investigation of Uber’s lobbying tactics has been carried out. The idea, however, is not expected to fly. Read more.

Industrial strategy

Chips made in France. France will open a new semiconductor factory, French firm STMicroelectronics and US company GlobalFoundries announced this week, as part of a broader push by the country to establish its position in a global market still struggling with shortages. The factory, which will be located near STMicroelectronics’ existing site close to Grenoble and which is expected to reach full capacity by 2026, is set to specialise in 300-millimetre chips as well as support the production of a range of smaller semiconductors. Just how much of the projected €5.7 billion in funding that will be required for the project will come from the government, however, is unclear. Read more.

Diversify and prepare. On Thursday (14 July), a public hearing on how a European Chips Act will put Europe back in the tech race was held in the last ITRE committee meeting before the summer break. Experts from the industry and research community emphasised the need for innovation and transatlantic partnership and attracting investments and skilled workers to build a strong ecosystem. Hendrik Bourgois, Intel’s VP, stressed that making the EU completely autonomous is unnecessary, adding that the focus should be on rebalancing and diversifying supply chains. Regarding pillar three of the Chips Act proposal, Julia Hess from the German think tank Stiftung Neue Verantwortung reiterated that instead of supply chain monitoring, governments should perform value chain mapping and leave the former to the industry. Understanding geopolitical relations and interdependencies could help prepare for the next crisis, which experts agree will come sooner or later.


Media independence in RoL reports. This year’s Rule of Law report placed a heavy emphasis on media freedom and pluralism and urged a number of EU countries to do better when it comes to ensuring both. The report, which for the first time, features recommendations targeted at individual member states on how they could strengthen their media sector. This unprecedented emphasis on media independence comes ahead of the EU’s planned Media Freedom Act, anticipating some aspects of the upcoming proposal: governance and independence of public sector media, transparency of state advertising, safeguards from the politicisation of broadcasting licenses, transparency on media ownership. Read more. 

Information sources. Television remains the dominant news source for EU citizens, with three quarters citing it as their primary source in a survey of EU media habits released by Eurobarometer this week. The presence of Brussels-related news is almost as high, with 72% of respondents reporting having recently read, seen or heard mention of EU news in online or more traditional forms of media. Traditional broadcast and print media remain more trusted than exclusively online platforms or social media, but a majority of people feel confident that they can recognise disinformation and fake news when they come across it.


UK politics derailed. The UK’s Online Safety Bill, which is nearing the end of the legislative process, has been shelved amid the country’s political chaos, with progress paused until at least September. Ahead of Parliament’s summer recess, which begins on 21 July, a debate on the controversial bill scheduled for next week has been dropped from the agenda. Since lawmakers won’t reconvene until the date the new prime minister is expected to be chosen, and some of the leadership hopefuls have been openly critical of the bill, its future looks less certain than it was just a few weeks ago. Read more. 

Top EU lobbyist. The Commission is set to ask its former digital chief Neelie Kroes for clarification following the revelation this week as part of the Uber Files investigation that she lobbied on behalf of the company during the “cooling off period” that followed her departure from the Commission in May 2016. According to the investigation, during these 18 months, Kroes allegedly offered to arrange meetings between Dutch cabinet ministers and EU officials, violating the EU executive’s ethics rules. A group of MEPs from the Greens and S&D groups also wrote to Commission President Ursula von der Leyen calling for a formal investigation into Kroes’ conduct with the possibility of financial sanctions.

Short-term rental urgency. MEPs have penned a letter to Commissioners Vestager and Breton calling for short-term rental platforms to be urgently regulated, arguing that they are contributing to Europe’s housing crisis. Breton, the letter says, has committed in the past to present a “plug-in” to the DSA which would tackle the issue. Still, the letter’s signatories express concern over the fact that such a proposal has been left out of the list of initiatives planned before the end of the year. Access to data, they also stress, must be ensured to enforce rules related to these short-term rentals, including the creation of publicly-available national databases of the registration numbers used when setting up a rental. “Housing is a human right and not a speculative good,” leftist MEP Martin Schirdewan told EURACTIV.

Research & Innovation

EIC parliamentary critics. The European Innovation Council (EIC), which funds EU deep-tech start-ups, has been heavily criticised in a Parliamentary report that calls for a new approach to its management. The fund has come under scrutiny since its launch last year after many grant recipients reported delays in receiving their financing, attributed to management restructuring by the Commission. According to the report, prepared by MEP Christian Ehler, the governance of the body should be reassessed and reformulated, and an independent body appointed to oversee the fund’s implementation, by 2025 at the latest. Read more.

Horizon 2020 data. New data released by the European Research Council provides a detailed look at the spread and content covered by Horizon 2020 projects. According to the analysis, a large share of the projects funded by the programme aimed to tackle major global challenges in areas such as climate change and health policy. One in ten focused on problems linked to the digital transformation, half of which were AI-centred. The research also details a geographical breakdown, with Germany found to be particularly strong in life sciences, while the UK and the Netherlands dominated in the hosting of social sciences and humanities projects.


Lawmakers chip in. Fifty-four left-to-centre MEPs have written to the Commission to voice their concerns on the lack of expert consultation in the EU executive’s plans to require Big Tech companies to contribute to telecom infrastructure costs, which they argue threaten the principle of net neutrality. Pursuing the plan, the group says, could lead internet service providers to preference certain companies, triggering a return of monopolies within the telecom market and making internet access more expensive and less effective for all. The telcos pushed back, stressing that the discussion is not about net neutrality but negotiating power and traffic imbalances in the internet ecosystem. Moreover, they pointed to several inaccuracies in the letter.

Fibre-optic networks for all! On Wednesday (13 July), the Federal Cabinet adopted the Gigabit strategy presented by the Federal Minister of Digital Affairs and Transport. The strategy aims to connect at least 50% of German households and businesses to the fibre-optic network by 2025, a tripling of the connections from mid-2021. Bureaucratic hurdles are to be dismantled, approval procedures digitalised and funding allocated for regions that are not lucrative for the private sector. By the end of 2022, a digital platform already used in two federal states will be made available to all federal states, which will speed up and standardise the permit application process.


What else we’re reading this week:

Uber broke laws, duped police and secretly lobbied governments, leak reveals (The Guardian)

Inside a radical new project to democratise AI (MIT Technology Review)

Twitter may beat Elon Musk in court and still lose (FT)


Laura Kabelka and Mathieu Pollet contributed to the reporting.

[Edited by Alice Taylor]

Original Source link

Leave a Reply

Your email address will not be published.

− 3 = one