Tech Brief: TikTok ban, connectivity package
“To protect the Commission’s data and increase its cybersecurity, the EC Corporate Management Board has decided to suspend the TikTok application on corporate devices and personal devices enrolled in the Commission mobile device services.”
Story of the week: The European Commission has banned TikTok from corporate devices and staff’s personal smartphones with work apps. EU officials have been asked to uninstall the social media app at once and at any rate no later than 15 March or lose access to corporate apps like Skype for Business. The move, first revealed by EURACTIV, came as a surprise for the Chinese company that has been at the centre of growing data security concerns following revelations that it had been used to spy on journalists and transfer data from users all over the world to the headquarter in China. The European Council is also about to implement similar measures, whilst the EU Parliament has not decided yet.
Asked by reporters if there had been a specific episode that triggered the decision, European Commissioner Thierry Breton pointed to his recent meeting with TikTok’s CEO Shou Zi Chew where he raised concerns about data transfers. At the same time, Breton tried to differentiate the Commission’s position as a regulator and a technical decision of its IT department to guarantee cybersecurity. Still, the political dimension of the ban remains, as no other European government has followed the United States’ example so far. Only last week, Commissioner Margrethe Vestager denied a ban was even an option. Therefore, the announcement’s timing might not be fortuitous as it came only a few days after the Munich Security Conference and following a US-China row over spy balloons.
Don’t miss: The Commission presented its Connectivity Package on Thursday to accelerate the rollout of high-capacity networks across the EU. The package includes the long-waited questionnaire on the controversial ‘fair share’ initiative, which has not significantly changed from the leaked version. Here, the Commission is seeking feedback on several sensitive points, including the threshold at which companies would qualify and the mechanics of the solution that would be put forward. The Gigabit Infrastructure Act was also proposed to reduce the administrative burden for network rollout, also, in this case, largely anticipated by EURACTIV. Somewhat more quietly, the Commission put forth a recommendation that, although not binding, might prove hugely consequential in the way national telecom regulators enforce the European Electronic Communications Code. Alternative operators, in particular, are up in harm for a measure they consider would restrict competition in the telecom sector. Read more.
- Microsoft has announced agreements with Nintendo and Nvidia to neutralise antitrust concerns regarding its bid to take over Activision.
- EU lawmakers are scrambling to regulate ChatGPT and the likes.
- The Swedish presidency proposed extending the media’s capacity to contest platforms’ content moderation decisions.
- Russia has changed its disinformation strategy to prevent being held accountable for the war in the future.
- EU countries are pushing to have more flexibility in enforcing the CSAM regulation.
- France thinks there is little chance the digital tax will ever be implemented.
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
Senders-pay: the state of the debate
The European Commission finally opened its public consultation on the senders-pay initiative, also known as fair contribution and traffic tax. We discussed the direction taken by the initiative so far and the options on the table with Julia Maxwell, SVP …
Find out more >>
The ChatGPT factor. EU lawmakers are scrambling to adapt the AI Act’s text to the generative AI hype. JURI is preparing an amendment seen by EURACTIV for its report at the plenary stage, notably modifying the article on transparency obligations to cover AI-generated and manipulated text and visuals that falsely represent a person saying or doing something without his or her consent. The provision will likely replace what the co-rapporteurs proposed under the obligations for high-risk users to disclose AI-generated content unless it is under someone’s editorial responsibility. However, the question of whether the AI regulation should cover ChatGPT and the likes with more than just transparency measures is likely to be politically sensitive. Under Annex III, the co-rapporteurs proposed considering at high-risk the category of ‘AI authors’ that doesn’t undergo any editorial check. By contrast, stricter obligations for this sort of model might prove difficult to swallow for right-to-centre MEPs. As there was not enough time to discuss this part of the text at the last shadow meeting, it should land on the table of the technical meeting on Monday.
Lobbying ghost. A new report by the Corporate Europe Observatory (CEO) pointed the finger at intensive lobbying by US tech companies on the EU’s AI Act, in particular with regard to General Purpose AI and the measures intended to guarantee safety and fundamental rights.
Microsoft’s charm offensive. Microsoft signed binding content agreements with Nintendo and Nvidia this week to stave off concern over its proposed acquisition of gaming company Activision Blizzard. The deal is currently under scrutiny by multiple competition authorities, with Microsoft executives in Brussels this week for a hearing on the deal. The tech giant intends the deals to act as a signal of good faith to ensure widespread continued access to Activision’s flagship product, Call of Duty. Still, Sony, the main industry opponent to the merger, remains unconvinced. Read more.
Data & Privacy
5th Data Act compromise. The Swedish EU Council presidency circulated a fifth compromise text on the Data Act this week, which is likely to be close to the final text. The amendments are particularly significant on the trade secrets part, where many of Airbus’ points were taken on board with some safeguards. In particular, the text gives the data holders the right to refuse an access request if they can prove the measures the receivers put in place to protect their trade secrets are insufficient to prevent significant economic harm. To avoid abuses, these refusal decisions might be challenged before a dispute settlement body, and if the data holders lose, they will have to cover the costs of the data receivers, whilst the inverse will not occur unless it is obvious the receivers acted in bad faith. Other changes regard the compensation that would apply for B2B data disclosures and the option for cloud providers to include early termination penalties in their contracts. Read more.
EDPB’s opinion due. EU lawmakers will debate a draft motion for a resolution on the Commission’s draft adequacy finding on the EU-US Data Privacy Framework next week. MEPs will meet on Wednesday for the discussion and will also hear from the chair of the European Data Protection Board, who will present the body’s opinion on the new framework.
Cross-border enforcement. The Commission has launched the consultation for its initiative intended to streamline cooperation between national data protection authorities regarding cross-border enforcement of the GDPR. The proposal was already announced in the Commission work programme and is expected to land by the middle of the year.
New user agreements. Meta announced changes to its terms of service and privacy notices for UK users of Facebook, Instagram, and WhatsApp this week, shifting them onto US user agreements. UK users will maintain their rights under the country’s post-Brexit version of the GDPR but will no longer be covered by the EU’s equivalent and won’t be routed through the company’s European entity based in Ireland. The International Association of Privacy Professionals noted that this could signal the UK’s challenges – or potential payoffs – of moving services away from the EU architecture.
The EU’s cloud. All EU institutions, offices and agencies will be able to undertake administrative functions within a secured cloud environment as part of a pilot use of Open Source Software Nextcloud and LibreOffice Online by the European Data Protection Supervisor (EDPS). The contract negotiated by the EDPS with an EU-based provider will also ensure adherence to the GDPR and comes as part of a broader effort by the authority to encourage EU bodies to consider alternatives to large-scale providers to improve GDPR compliance.
Digital Services Act
More implementing acts. The Commission is seeking feedback on the implementing regulation, the Commission’s investigatory and enforcement powers, the hearings and the negotiated disclosure of information. The window for feedback remains open until 16 March.
Evolving strategy. Russia is shifting its information strategy towards masking losses and denying accountability, the director of the Atlantic Council’s Digital Forensic Research Lab (DFRLab) told EURACTIV. The comments build on two new reports by DFRLab researchers, which chart the development of the Kremlin’s information strategy since 2014, showing the multiple narrative strands at work to justify the war and undermine Ukrainian resistance. Read more.
How surprising. Twitter’s new paid verification system is being used by accounts disseminating Kremlin propaganda, according to research group Reset. Researchers found that accounts were claiming to be based outside Russia and paying for verification, evading US sanctions and using the platform to spread content and disinformation from state-backed media outlets and officials.
Anti-disinfo calls. The European Media and Information Fund (EMIF) has launched three calls for proposals for projects designed to tackle disinformation. Totalling €4,800,000, the openings span investigations into disinformation dynamics, research for a transparent and resilient information ecosystem, and media and information literacy for societal resilience and will remain open until 28 April.
Governmental bot. Portugal’s Ministry of Justice has launched a new online tool to inform citizens about the services offered by the department. The new tool will use advanced language processing and machine learning technologies, such as generative AI similar to ChatGPT, to provide users with information about the justice system and comes as part of the country’s GovTech Strategy for Justice.
No agreement in sight. Council negotiations on the Platform Workers Directive resumed last week, with a clear split emerging between countries backing a high threshold for the presumption of employment to be triggered – including France, Italy, and Poland – and those taking a ‘pro-reclassification’ stance – Spain, Portugal, Belgium, and the Netherlands. Discussions are almost solely focused on the chapter concerning employment status, where there is reportedly little appetite for compromise. The next working party discussion on the text is due mid-March, with a general approach not expected before June.
Enforcement flexibility. Greater discretion for EU capitals on enforcement and changes to blocking and removal orders, as well as reporting obligations, are among the amendments included in the latest Council compromise text on the proposal to tackle Child Sexual Abuse Material (CSAM). The document, seen by EURACTIV, was circulated ahead of a discussion held by national representatives this week and responded to a request for greater flexibility from the national governments. Read more.
A Commission-funded project launching next month is set to develop a machine learning tool to detect and block child sexual abuse material (CSAM) on devices in real time. The tool will be tested by volunteers who consider themselves at risk of viewing such content and is intended to alleviate survivors’ fears of re-victimisation. Read more.
What goes around comes around. The Swedish presidency has proposed empowering media outlets so they can object to the content restriction decisions of very large online platforms (VLOPs), as part of a new compromise text on the Media Freedom Act, circulated last week. Under the proposed changes, media service providers would be able to contest VLOPs’ restriction of content rather than just suspension, a measure the disinfo community fears is the re-emergence of the media exemption discussed in the context of the Digital Services Act. Read more.
Unwelcomed journalist. A documentary about Russian dissident Alexei Navalny was awarded the prize for best documentary at the UK’s film and television (BAFTA) awards last weekend. However, the accolade came amidst controversy after a key contributor to the project, Bulgarian journalist Christo Grozev, was prevented from attending the awards ceremony after being deemed a ‘public security risk’ by British police. Read more.
Bursting the bubble. The Forum on Information and Democracy has published recommendations for combatting filter bubbles and ensuring content pluralism online, warning that inaction threatens democracy. The organisation called on countries and digital platforms to engage with these principles by separating content hosting and curating functions, disclosing algorithmic selection criteria, and developing technical standards to promote content diversity.
Digital tax in doubt. The chances of a tax on digital giants, such as Google, Apple, Facebook, and Amazon, being implemented are slim, France’s economy and finance minister has said. Speaking this week, Bruno Le Maire said such a measure, designed to make these actors contribute to restoring fair competition at the international level and set for discussion between global leaders at the G20 meeting later this month, is likely to be blocked by the US, Saudi Arabia, and India. France will push for a breakthrough in the situation, however, he said, noting that such a tax has already been trialled and proved profitable in the country. Read more.
Lessons learned. Two years after launching an external alert against TikTok with the Consumer Protection Cooperation (CPC), the European Consumer Organisation BEUC has released a new report identifying key issues related to the functioning of CPC Regulation mechanisms regarding its review of the complaint. The group found that TikTok continues to infringe EU law, despite the intervention, and that, as it stands, CPC intervention appears more ‘performative’ than effective.
Pending issues. In particular, BEUC penned a report assessing TikTok’s corrective measures following the consumer action, finding that some fundamental matters related to the protection and profiling of minors remain despite some small improvements. The consumer group has written to Commissioners Vestager, Breton, Jourová and Reynders to express concern over the platform’s conduct.
1st metaverse citizens’ panel. The first session of the citizens’ panel on Virtual Worlds will be held in Brussels this weekend, beginning today. The discussion will be aimed at developing guiding principles and actions for developing virtual worlds in the EU, feeding into future non-legislative and legislative actions. Sessions two and three will be held in March and April.
Another piece goes off. The Commission has approved the takeover of a part of Vodafone’s Vantage Towers, a tower infrastructure company, by US firms GIP and KKR. The acquisition is part of a broader trend of Europe’s telecom infrastructure ecosystem being slowly taken over by foreign investors due to the relative financial weakness of the European telcos. So much for the EU’s grand ambition to compete with the Chinese Belt and Road Initiative to develop IT infrastructure in the Global South: The health of the European telecom sector barely allows it to maintain control over the infrastructure in its home markets.
Open RAN advancements. The five largest European telcos have published a joint report on improvements made to the maturity, security and energy efficiency of Open RAN within the EU in response to industry and expert questions. The report, by Deutsche Telekom, Orange, Telecom Italia, Telefónica, and Vodafone, also covers key areas of focus for operators in 2023, including cooperation with the EU’s cybersecurity agency and expanding the tech’s current scope of deployment.
‘Fair share’ Q&A. ETNO, the European Telecoms Network Operators’ association, has published a Q&A about the “fair contribution” debate in an attempt to debunk what it says are recent “misrepresentations of the issue and false claims” about its positions by lobbying groups associated with major tech firms.
What else we’re reading this week:
ChatGPT: Civil servants warned not to use AI chatbots to write policies and carry out Government work (The i)
China lured graduate jobseekers into digital espionage (FT)
10 Breakthrough Technologies 2023 (MIT Technology Review)