April 19. 2024. 9:04

The Daily

Read the World Today

EU Commission opens formal investigation into TikTok, Orange-MásMóvil merger approved

Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.

“As a platform that reaches millions of children and teenagers, TikTok must fully comply with the DSA and has a particular role to play in the protection of minors online”.

– European Commissioner for Internal Market Thierry Breton stated in a document.

Story of the week:

The European Commission opened formal proceedings against TikTok under the Digital Services Act on Monday, due to possible breaches in several areas, including child protection. The current decision is a result of a preliminary investigation, based on a risk assessment report by TikTok sent to the Commission in September last year, and on the EU institution’s formal Requests for Information on illegal content, protection of minors, and data access. As European Commissioner for Internal Market Thierry Breton also pointed out in a post on X, the current investigation will focus on the possible breach on transparency and protection of minors, and within that, on addictive design, screen time limits, rabbit hole effect, age verification, and default privacy settings. Read more.

Don’t miss:

The European Commission accepted on Tuesday the €18.6 billion deal between Orange and MásMóvil in Spain, provided that spectrum bandwidths are divested to the Romanian mobile operator Digi. Subject to an inquiry under the EU merger regulation, the creation of a joint venture was considered a test for whether the Commission would maintain its competition doctrine in telecom markets. No four-to-three mobile mergers have been allowed since Competition Commissioner Margrethe Vestager took office, although she denies that there is a “magic number” of mobile competitors per member state. Read more.

Also this week:

  • Connectivity package: Commission opens consultation, commits to post-quantum cryptography recommendation
  • Ensuring competition in AI will also preserve democracy, experts say
  • Concerns raised over UK Data Protection Bill’s impact on EU’s GDPR

Artificial Intelligence

Ensuring competition and preserving democracy. With artificial intelligence, focus on enforcing competition laws is vital and goes hand in hand with the preservation of democracy, industry experts said at a panel discussion in the European Parliament on Monday. Read more.

AI Office launch. On Wednesday, the European AI Office “saw the light”, as Roberto Viola, director-general of the European Commission’s department for Communications Networks, Content and Technology, put it on X. The European AI Office will be the EU’s main AI hub, overseeing the AI Act’s implementation, fostering trustworthy AI development, and promoting international cooperation. “It’s a game changer for the governance of AI in EU”, Viola wrote on X.

Big Tech against harmful AI. Twenty leading technology companies, including Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI, TikTok, and X, made a collective pledge at the Munich Security Conference last Friday to collaborate in detecting and countering harmful AI content. The set of commitments is entitled “Tech Accord to Combat Deceptive Use of AI in 2024 Elections”.


Commission fines Apple with half a billion euros. The Financial Times reported last Sunday that the Commission should fine Appel €500 million over access to its music streaming services. It is expected to be announced in early March and would be the EU’s first fine against the US company. Last year and in 2021 the Commission sent a Statement of Objections to Apple, articulating concerns regarding the App Store rules for music streaming providers.


Parliament’s spyware troubles. According to a Politico article published on Wednesday, an internal email revealed that the European Parliament’s defence committee was the subject of phone hacking due to which the institution asked MEPs to have their phones checked. On Thursday, it turned out that two MEPs’ phones were also hacked.

Polish Pegasus investigation. Poland’s parliamentary investigation began on Monday, the EUobserver reported, on the use of Israeli Pegasus spyware, acquired by the previous Law & Justice government in 2017. Led by Magdalena Sroka, a former police official aligned with Donald Tusk’s coalition, the 11-member committee will examine the legality, purpose, and funding of the purchase from Israel’s NSO Group.

Have your say on ENISA. The Commission is gathering feedback on Europe’s Cyber Security Agency (ENISA), from industry and national governments, Euronews reported on Tuesday. It is evaluating ENISA’s operations, considering changes to its mandate and financial implications. The review takes place ahead of the upcoming reassessment of the EU’s Cybersecurity Act (CSA), which empowered ENISA to oversee EU-wide cybersecurity rules since 2019. The questionnaire is accepting feedback until 27 February.

Anti-drone tech coming to Berlaymont. The European Commission is considering implementing anti-drone technology at its Berlaymont headquarters in Brussels. It has begun contacting potential suppliers for the equipment to protect against espionage and physical attacks from unmanned aircraft, Politico reported on Tuesday. The system aims to counter spying activities in the Belgian capital, which is recognised as a centre for espionage, with numerous instances of individuals impersonating officials, journalists, or NGO workers to gain access.

Estonia blocks Russian cyberattack. Estonian Prime Minister Kaja Kallas revealed on Tuesday that a “hybrid operation by Russia’s security services” was stopped on Estonian territory. The operation dates from last year, when cars belonging to the Estonian interior minister and a journalist were vandalised, as well as a memorial. The Estonian internal security service identified six people responsible for the vandalisation and pointed towards the Russian special services.

LockBit hackers locked up. On Monday, Europol and 10 law enforcement authorities from Europe, the US and Australia seized the LockBit ransomware group website and arrested two hackers. More than 30 servers were taken down and 200 cryptocurrency accounts were frozen. The LockBit hacker group has been responsible for numerous ransomware attacks across the world and has been offering its services to other hacker groups.

EU’s cybersecurity assessment. On Wednesday, EU countries, the Commission, and the EU Cybersecurity Agency (ENISA) presented a report on cybersecurity and resilience of communications infrastructures and networks. The report develops different strategic risk scenarios and puts forward necessary recommendations for member states. It serves as well as a pillar of the telecom connectivity package, on how to master Europe’s digital infrastructure.

Data & Privacy

UK Data Protection Bill concerns. A letter sent by member of European Parliament Paul Tang, seen by Euractiv, raises questions regarding the potential effects of the UK’s Data Protection Bill on the EU’s General Data Protection Regulation (GDPR). The letter, dated 22 February, states that the UK’s Data Protection and Digital Information Bill would weaken the protection of the GDPR and the protection of EU citizens. Read more.

Signal introduces usernames. Signal messaging service has introduced a new default setting where users’ phone numbers will no longer be visible to everyone they chat with. Only people who have their number saved in their contacts will see it. Users can now also create a unique username to connect with others without sharing their phone number, which is not permanent or visible to others in chats. Furthermore, a new privacy setting allows users to control who can find them on Signal by phone number. Currently, these options are in beta and will be rolled out to all users in the coming weeks.

iMessage upgrade. Apple announced in a blog post on Wednesday it is upgrading iMessage to its most significant cryptographic security upgrade ever called PQ3. PQ3 introduces a groundbreaking post-quantum cryptographic protocol, offering security against quantum attacks. According to the post, it surpasses all other widely used messaging apps, making it the world’s most secure messaging protocol.

HLG criticism. On Tuesday, the High-Level Group (HLG) on access to data for effective law enforcement, also called by critics the “going dark” group, was engaging in consultations with non-governmental organisations, according to a post by the Pirate Party. MEP Patrick Breyer noted that the group “should be dissolved” because “undemocratic preliminary negotiations are conducted” by them “with the predefined goal to re-introduce EU-wide blanket data retention of citizen’s communications data, to undermine secure encryption and to introduce the ‘Security by Design’-concept”.

Digital diplomacy

Digital Europe Programme open to Moldova. On Monday, Commissioner for Internal Market Thierry Breton and Moldovan Deputy Prime Minister Dumitru Alaiba signed an association agreement for the Digital Europe Programme. Once ratified, it will be applied retroactively from January 1, 2024, granting Moldovan entities access to the program’s calls, which has a budget of €7.5 billion for 2021-2027. The programme is “part of the EU’s efforts to support Moldova on its path to the EU and in addressing the consequences of Russia’s war of aggression against Ukraine”, Breton noted.

Digital Markets Act

No more support. Apple is ending support for progressive web apps (PWAs) for iPhone users in the EU due to compliance issues with the Digital Markets Act (DMA), according to its developer website, spotted by 9to5Mac last Thursday. iOS 17.4 also removes support for Home Screen web apps in the EU as a result of recent changes.

Changes on Zalando. Zalando will remove misleading sustainability flags and icons from its platform by April 15, following dialogue with the Commission and consumer authorities, according to a post on the Commission’s website, published on Thursday. Among other changes, clear information about product environmental benefits will replace icons. Zalando will also revise its Sustainability Page and ensure environmental claims are significant. The Consumer Protection Cooperation Network will assess Zalando’s implementation and enforce compliance if needed, after the platform provides a report on implementing its commitments.

Digital Services Act

Breton says no to arbitrarily suspencion. On Tuesday, during his meeting with X CEO Linda Yaccarino regarding the Digital Services Act’s compliance, Commissioner Breton emphasised that arbitrarily suspending accounts, whether voluntarily or not, is unacceptable. He reiterated the EU’s stance on freedom of expression and online safety, according to his post on X. On the same day, X temporarily suspended the account of Yulia Navalnaya, the widow of Russian opposition leader Aleksei Navalny, who died in prison last Friday. However, the platform later restored the account, attributing its suspension to an error triggered by its automated security protocols.

Gig economy

No support for the platform work directive. The Belgian EU Council Presidency failed to garner the necessary support from member states to agree on a new platform work directive last Friday, effectively shelving the proposal, after more than two years of negotiations. Read more. Read more.

Right to repair deal. On Thursday, the Parliament and the Council reached an agreement on the “right to repair” directive. Online platforms will facilitate consumers in locating local repair and refurbished goods shops, alongside measures aimed at enhancing repair post the expiration of legal guarantees and incentives promoting prolonged product usage, such as repair vouchers and funds. MEP and co-rapporteur Pascal Arimont said ahead of the vote that times have changed since the framework’s introduction in 1985, with the world becoming increasingly digital, and “the market is also more international”, with customers buying products from across the world, so “the requirements also need to be adjusted”.

Agenda for the next Commission. Europe must enhance its digital economy amid challenges from China and the US, according to an agenda for the next Commission by the Centre for European Reform. According to the report, the next European Commission must focus on implementing digital laws effectively, fostering a privacy-friendly data economy, and investing in connectivity and infrastructure.

Law enforcement

Online Safety Bill criticism. The UK’s Public Accounts Committee (PAC) of MPs has warned that the Online Safety Bill may disappoint the public as Ofcom, the regulator and competition authority for the UK communications industries, lacks the authority to investigate individual complaints, The Telegraph reported on Wednesday. Additionally, confidence in the new law could be undermined due to the extended timeline required to make a noticeable impact on people’s internet experiences.


Misinterpretation of audiovisual law since 1986. Last week, the French Supreme Court for Administrative Justice (Conseil d’Etat) decided that the regulatory authority (Arcom) should reconsider its analysis of the diversity of political discourse on TV channel CNews. The decision has far-reaching implications as the Arcom now has to review its methodology, which was based on the time given to politicians to express their opinions. Now, the Arcom should take into account what animators, columnists, and guests say as well. The Conseil d’Etat ruled out the possibility to create a registry of animators’ opinions, but said that the Arcom should focus on the content of ideas shared. 1986’s law states that respect for idea pluralism is a condition for democracy. The non-profit organisation Reporters Without Border filed its complaint to the Conseil d’Etat against CNews, as it considered it covered news partially.


Bluesky federation. Bluesky has announced the opening of its federation, following its recent public launch, TechCrunch reported on Thursday. This move enables individuals to run their own servers connected to Bluesky’s network, allowing them to host their data, manage accounts, and set their own rules. This decentralized approach mirrors Mastodon’s model but utilizes a distinct protocol, keeping the two networks separate for the time being.

Job losses at TikTok’s Irish HQ. TikTok is undergoing a global reorganisation that will likely result in hundreds of job losses or internal reassignments in Ireland, the Irish Independent reported on Monday. The restructuring impacts the social media company’s training and quality teams, mostly those based in Dublin, where TikTok’s headquarters employs approximately 3,000 people.


Connectivity package consultation open. The European Commission announced on Wednesday a consultation on the EU’s telecom market, open until June and committed to a post-quantum cryptography recommendation. Competition Commissioner Margrethe Vestager and Single Market Commissioner Thierry Breton presented the EU executive’s view on the EU’s telecom market, supported by the publication of two non-binding documents: a white paper on the EU’s telecom infrastructure needs and a recommendation to member states on submarine cable infrastructure security and resilience. Read more.

Communications legislative void. On Thursday, the European Parliament’s ITRE committee unanimously adopted the Gigabit Infrastructure Act (GIA) text, following the Council’s Committee of Permanent Representative vote on 16 February. Formal adoption should be a mere formality now and is expected to happen during the Parliament’s last plenary on 22-25 April, followed by a Council’s formal adoption. Yet, there is a trick in the agenda, as the intra-EU communication price cap will expire on 19 May. The GIA’s extension of price caps will kick in 20 days after its publication in the Official Journal, which means that the co-legislators will not have much time to adopt the text and publish it, if they want to avoid a legislative void where telecom operators will be free to apply prices without regulation.

It’s the competition, stupid. Commissioners Breton and Vestager repeatedly said that the Commission’s connectivity package was all about competition, as telecom infrastructures are the backbone for the future of the EU’s digital economy. The EU’s telecom association ETNO reacted by saying there is a need to change merger policy, attract investors, and “recognise the role of tech companies” for the ecosystem’s fairness. The tech company association CCIA emphasised in a reaction to the Commission’s document publication they were concerned that several parts of the white paper could bring about a resurrection of the fair-share tax. The industry welcomed the announcements of a post-quantum cryptography recommendation and more harmonised spectrum governance.

What else we’re reading this week:

Read more with Euractiv

Concerns raised over UK Data Protection Bill’s impact on EU’s GDPR

Concerns raised over UK Data Protection Bill’s impact on EU’s GDPR

A letter sent by member of European Parliament Paul Tang, seen by Euractiv, raises questions regarding the potential effects of the UK’s Data Protection Bill on the EU’s General Data Protection Regulation (GDPR).