By Luca Bertuzzi and Molly Killeen | Euractiv.com Est. 20min 28-10-2022 The Tech Brief is EURACTIV's weekly tech newsletter. Euractiv is part of the Trust Project >>> Print Email Facebook X LinkedIn WhatsApp Telegram Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here. “Many of our comments are prompted by our growing cooperation in this area under the U.S.-EU Trade and Technology Council (TTC) and concerns over whether the proposed Act will support or restrict continued cooperation.” – U.S. Non-Paper regarding the September 2022 Revisions to the Draft EU Artificial Intelligence Act Proposed by the Czech Presidency Story of the week: The US is pushing for several changes to the EU’s AI Act, according to an October non-paper obtained by EURACTIV. The document, sent to certain member states and the European Commission, follows much of the content of initial feedback sent to European lawmakers earlier this year. Among the provisions it includes is a push for a narrowed definition of AI, in line with the OECD’s. It also argues in favour of a broader exemption for general-purpose AI, stating that complying with the rulebook’s obligations for the providers would be “very burdensome, technically difficult and in some cases impossible.” On high-risk systems, Washington would like to see individualised risk assessment, an appeal system for companies that think they have been wrongly classified and the recognition of NIST standards for compliance purposes. Read more. Don’t miss: The European Commission has been engaged in pre-designation talks with presumed very large online platforms, discussions on the enforcement architecture with the member states, and drafting secondary legislation on the Digital Services Act. That is what the EU executive said on Tuesday to the eCommerce Experts Group, which will be revised with a new mandate as of January. The presentation provides some insights regarding the content and timing of the delegated acts related to the supervisory fees and independent external audits. It also mentions similarities and differences in the procedural aspects of the Digital Markets Act. In the presentation, there is no detail of the other pieces of secondary legislation nor the guidelines that the Commission is due to publish, signalling that this will not be the priority for now. Read more. Also this week: The Uber whistleblower slammed its former company in a parliamentary hearing The Czech Presidency’s new compromise texts on Data Act, digital identify The AI Act’s co-legislators pushed for giving the DG COMP will have a new directorate dedicated to tech Before we start: The European Chips Act is a top priority in the EU’s drive to digital sovereignty. We discussed the most controversial parts of the file, how the initiative fits into international cooperation and the thorny issue of the budget with MEP Eva Maydell. Today’s edition is powered by AWS AWS and comprehensive data protection in the cloud How do organisations successfully navigate compliance within Europe? What are the cross-border data transfer requirements? AWS experts Esther Stringham (AWS Legal) and Hans Bos (AWS Security Assurance) dive deeper into both topics. Watch the webinars Artificial Intelligence Stronger revision powers. A proposal by the AI Act’s co-rapporteurs would see the Commission’s revision power extended to expanding the lists of high-risk systems and prohibited practices, with yearly reviews of each once the legislation is in place. This would be a significant change compared to the original text, but the legal basis for enlarging the list of prohibited practices was already challenged by the very EU executive in the past, which might suggest this addition would simply be a bargaining chip with the Council at the trilogue stage. The compromise amendments also touched upon confidentiality, which was basically agreed upon at the technical level, and penalties and fines, on which the discussion merely started. The critical governance issue was parked, likely waiting for a political discussion. For those wondering, the compromises were called the eighth batch, but it was, in fact a typo; it was still the seventh batch. Read more. AI treaty update. On Thursday, the Telecom Working Party provided broad support to mandate for the European Commission to negotiate the Council of Europe AI and human rights convention on behalf of the EU, with only minor changes requested. As anticipated by EURACTIV, the second compromise text from the Czech Presidency reflects the first option proposed in the previous document, putting national security outside of the Commission’s mandate – meaning it will be negotiated separately by the member states. The new text, seen by EURACTIV, also includes a reference to the opinion of the European Data Protection Supervisory, which was published in the meantime. We’re (almost) done. The Czech Presidency received broad support for its latest compromise text on the AI Act following discussions in the Telecom Working Party this week, bringing it closer to a final position. Minor clarifications are expected due to the meeting, mainly related to insurance and critical infrastructure provisions in Annex III of the text. The final text of the regulation will now be presented at the next working party on 8 November, to be adopted by COREPER on 18 November. As the EU Council finalises its position, expect MEPs to start feeling the pressure. Emotion recognition slammed. The UK’s Information Commissioner has warned companies that they could face fines for certain uses of “emotional analysis” technologies due to their ineffectiveness. The watchdog called on firms to avoid the tech deployment, slated as being “pseudoscientific” and potentially dangerous for people’s rights. The warning comes ahead of the oversight body’s planned release of broader guidance on using biometric technologies next spring. Ethical AI in education. The Commission has published a set of Ethical Guidelines on the Use of AI and data in education, addressing how the technology is used in schools. As part of the Digital Education Action Plan, the toolkit was developed by an expert group. It is designed to aid teachers in handling AI by clarifying common misconceptions and offering practical advice on its use. Competition We are watching. Five lawmakers have written to the Commission requesting information about how it plans to ensure the ex-post enforcement of competition law in the digital market. They argue that the length of proceedings in antitrust cases undermines this enforcement, adding that it should be strengthened in light of the DMA. The MEPs also call on the EU executive to answer why some antitrust cases, such as the Apple-Spotify suit, are yet to be resolved. Always you two. Spotify’s quest to break into the world of audiobooks has reportedly been foiled so far by Apple, which has rejected Spotify’s app from the App Store three times in the past month before its approval this week over what it says are its violations of Apple’s rules due to the inclusion of the new audiobook feature. According to the New York Times, Apple claims that Spotify is in breach of its regulations on how developers can communicate with customers concerning purchases, a decision which Spotify sees as the latest in a series of attempts by the tech giant to block fence its competitors in. Amazon under GWB. Germany’s competition authority has formally decided that Amazon is an actor of paramount significance for competition. The ruling means that the US tech giant is now subject to extended abuse controls introduced into German law last year and designed to hand the watchdog the power to prevent the most prominent actors across markets from engaging in anti-competitive practices. Expected appeal. Google is headed to the General Court in Luxembourg over a €4.1 billion antitrust fine handed to it by the Commission in 2018 after its appeal was thrown out by a lower tribunal last month, Reuters reports. The company announced this week that it would push forward with the case, which stems from a complaint by Brussels’ that the tech giant had placed illegal restrictions on the manufacturers of Android devices and mobile network operators to consolidate its dominant market position. Cybersecurity Investment platform. Last week, the European Investment Bank and European Commission published a joint report on the state of the cybersecurity ecosystem in Europe. The picture painted is bleak: EU cybersecurity companies tend to be less competitive than their international counterparts, struggle to scale up and, as soon as they have some success, sell out to American or Chinese investors. The problems these start-ups face are similar to those of the tech sector in general: lack of public programmes, demanding access to financing, especially at a later stage of development and fragmentation of the single market. However, at a time of growing geopolitical tension, being able to rely on a trusted domestic vendor becomes a strategic priority. Thus, the report proposes setting up a European Cybersecurity Investment Platform to funnel financial needs and technical assistance to European cybersecurity companies. Google’s open security. Google is pushing for “open security” when defending against cyber threats, emphasising the need for transparency and communication between companies to respond to and prevent attacks. By disclosing threats and vulnerabilities to one another, Google executives have argued, companies can stay ahead of potential dangers, a vision of collaborative security that the tech giant is seeking to take further through its launch of a Google Safety Engineering Centre in Spain, which it says it hopes will become “a European hub for joint research on advanced threats”. Data & Privacy Chapters I-V. The Czech Presidency circulated a new compromise text on the first five chapters of the Data Act. The text further elaborates on the provisions related to the regulation’s scope, specifying the type of devices and data to be covered by the new data law. The data-sharing obligations were also tweaked. For instance, the Presidency included the possibility of charging a margin in B2B data-sharing that would be proportionate to the company’s business model. In B2G, the authorities responsible for enforcing the Data Act have been excluded from the scope to avoid a conflict of interest. Other changes related to the dispute resolution mechanism were enlarged for unfair contractual matters and a differentiated timeline for data interfaces. Read more. LIBE’s draft opinion. LIBE opinion rapporteur Sergey Lagodinsky circulated its draft opinion this week. The report, seen by EURACTIV, very much aligns with the EDPB/EDPS joint opinion on the file and tries to clarify wherever the data subject has special rights when compared with users that are not data subjects. It also introduces a list of purposes for personal data sharing with third parties to disincentivise personal data monetisation further. Lagodinsky also proposed the complete deletion of Chapter V on B2G access. Further clarification related to the distinction between anonymisation, aggregation and pseudonymisation. Following the Data Governance Act, the MEP outlined the potential risk of reidentification of data subjects. Cookie campaign’s effects. One and a half years on from a survey by privacy group noyb looking at the presence of illegal cookie banners, more than 50% of sites have been found to have improved theirs, often without prompting. Seven hundred complaints were filed by noyb in March 2021 following its scan of 3,600 websites. As of October 2022, however, the situation was significantly improved, with 56% of sites have made positive changes, such as introducing the option to refuse cookies and other tracking forms. EDPB’s chair vacancy. The current Chair of the European Data Protection Board, Andrea Jelinek, told MLex this week that she will not stand for re-election once her term is up in May next year. The revelation means that contenders will now be able to throw their hats in the ring for one of the top jobs in EU data protection, responsible for overseeing the implementation of the GDPR. Not without my consent. The controller of personal data must inform all other controllers that have provided or received data from it that a subject has withdrawn its consent, the European Court of Justice ruled this week. The conclusion stems from a case concerning telecoms provider Proximus, launched by a customer whose personal information was published in a directory despite their previous denial of consent. ETNO’s study. The EU’s upcoming Data Act should ensure fair compensation in data sharing between companies, exclude from its scope any data generated by electronic communications services and clarify responsibility for service switching obligations, amongst other things, according to a new report on the proposed regulation by the European Telecommunications Network Operators’ Association. The study, which looks at the potential impacts of the Act on the Telecoms industry, found that among the key concerns of members of the sector were the regulation’s scope, the potential legal costs to the data holder and direct and indirect costs involved in B2G data sharing. Digital Markets Act COMP’s tech directorate. The European Commission’s competition department will establish a new directorate that will deal with the DMA enforcement and handling of all antitrust cases related to digital companies, as first reported by MLex. Having the case handling unit headed by Thomas Kramler and the DMA task force currently led by Lea Zuber under the same roof is meant to foster coordination between the two teams. A total of forty officials will be working in the new directorate, almost half of which will be new recruits. Alberto Bacchiega, the current director for ICT antitrust cases, will also look over the new directorate until a new director if appointed for one of the two. Battle of the services. The internal restructuring also entails a new post of Chief Technology Officer that will assist the new directorate, leaving many to wonder who will take the post – certainly someone who knows the tech sectors inside out. The move was not welcomed by DG CNECT, which sees it as a power play by DG COMP attempting to fill in house expertise that they should be providing. Therefore, it is no surprise that Breton’s service is trying to push on Vestager’s DG COMP its own internal candidate, but it is not excluded that the CTO will be recruited from outside the Commission staff. Given upcoming DMA litigation, the Commission’s legal service is also set to allocate an additional person. eGovernance eIDs v.5.Also discussed by the Telecom Working Party this week was a compromise text on the European digital identity proposal. On the issue of use cases, the Czech Presidency introduced a ‘lightweight notification procedure’, giving ample discretion to the national authorities whether to verify the registration of a relying party. The level of assurance was confirmed high, but the text mentions that the Presidency is working on some temporary solutions like external tokens. On record-matching, the exemption to create a unique identifier was removed for administrative procedures, but the possibility of sectorial identifiers was introduced. More changes relate to interoperability, trusted providers and website security. Read more. Gig economy Uber hearing. The whistle-blower who prompted the Uber Files revelations did not hold back criticism of his former employer at a hearing in the European Parliament this week. Addressing lawmakers in Brussels, Mark MacGann slated the company’s “disproportionate influence” over EU policymaking, saying it had “weaponised both divers and consumers” to achieve its goals. MacGann, Uber’s former top EU lobbyist, also warned that there is a “grave risk of shattering social justice” if too much power is handed to big tech and argued that the EU must introduce measures to effectively protect workers and shift power from the “powerful to the powerless”. Uber, for its part, insisted that the company has changed and will not repeat previous mistakes. Read more. STR: what’s at stake? The Commission’s initiative to regulate the short-term rental market has been repeatedly delayed, and critical obstacles remain. Initially set for release in June this year, the proposal’s release was shelved until October but is likely to be pushed back again, this time until next month. The initiative has received significant attention, and lawmakers at both EU and national levels have been pushing for more urgent regulatory action to address several issues identified within the short-term rental market. EURACTIV took a deep dive into the topic, looking at the delicate balance the legislative proposal will have to strike between economic opportunities and sustainability, transparency and data protection, and local rules and legal certainty. Read more. Industrial strategy Joint Undertaking draft. The ITRE committee’s rapporteur Eva Maydell has published her draft report on the EU’s Chips Joint Undertaking. Amongst the changes included are the requirement that the Commission provide clear guidelines on the development and third-party access to pilot lines, that the Chips Act be supported by significant new financial support for research, development and innovation, and the Joint Undertaking should seek to strengthen international cooperation when it comes to tackling challenges in the semiconductor supply chain. Media Anti-SLAPP lagging. The Commission’s initiative to tackle Strategic Lawsuits Against Public Participation (SLAPPs) is a good starting point, but solving the issue will require further action, a key lawmaker working on the file told a conference at the Council of Europe last week. Representatives of both the Parliament and Commission indicated that the hope is to have a consolidated position on the regulation by the middle of next year, but work is already underway in some member states to transpose the recommendation into national law. Read more. Poland’s media spats. A Brussels journalist has become the target of a disinformation campaign launched by the Polish state channel TVP following an incident at the EPP’s pre-summit meeting last week. Dorota Bawolek, who works for neutral private channel Polsat, has been attacked on social media since last Thursday, when she asked other journalists, including a TVP cameraman, to step away from what had been pre-arranged as an exclusive interview by Polsat with Donald Tusk. The TVP operator refused, and the channel broadcast an edited version of the interaction, claiming that Bawolek had refused to let Tusk answer the channel’s questions. Read more. Albania’s abusive law. The concern is growing that a new draft amendment to Albania’s law on the right to information could threaten the media’s ability to work. The new article on “abusive requests”, published for consultation by the country’s parliament, would afford public institutions the right to designate requests for information as abusive, exempting them from any obligation to respond. However, the lack of definition about what constitutes an abusive request has raised concern among some media stakeholders that the law could be used to obstruct journalists’ access to information. Read more. Platforms Heavy tweeters fading. According to internal research seen by Reuters, Twitter is struggling to retain its most active users, and interest in previously active topics is waning. “Heavy tweeters”, who account for less than 10% of monthly users but 90% of the content and 50% of global revenue, have been in “absolute decline” since the start of the pandemic, company reporting found, and interest in core subject areas such as news, sports and entertainment is falling. These changes present an additional challenge for the platform, which is nearing the end of a lengthy and controversial acquisition process which will see its ownership shift to the hands of Elon Musk. Read more. #WhatsAppdown. WhatsApp suffered a major outage this week, leaving tens of thousands of users worldwide without coverage. The incident is the first major crash since the outage that also hit Instagram, Facebook, Messenger and Occulus last year, but was potentially significant given the service’s user numbers. Transatlantic ties See you in Washington. The US-EU Trade and Technology Council (TTC) Chairs met virtually this week to discuss the upcoming ministerial conference set for 5 December. According to a White House spokesperson, the American and European officials emphasised the importance of the transatlantic relationship and potential outcomes of the next meeting, as well as the electric vehicle provisions included in the US 2022 Inflation Reduction Act. The next TTC summit will take place in Washington, DC. EU-Japan dialogue. The EU and Japan held their second meeting of the High-Level Economic Dialogue this week, during which they discussed sustainable finance, Japan’s 2023 G7 Presidency and the connectivity partnership between the two countries, in the context of which potential increased synergies between the EU’s Global Gateway strategy and Japanese infrastructure and energy projects in third countries were covered. Twin transitions Rural areas for tech. Speed is a crucial factor in whether the rollout of new technologies can positively impact rural committees, stakeholders emphasised during a week-long school on rural innovation held in Spain this week. Rural communities are often left behind when deploying new technologies, but there are significant opportunities for their use in sectors such as agriculture. Key to ensuring that their benefits can be accessed, speakers emphasised, is their quick installation and boosting of the digital skills needed to utilise them to their full potential. Read more. What else we’re reading this week: FTC brings action against CEO of alcohol delivery company over data breach (The Washington Post) Shutterstock will start selling AI-generated stock imagery with help from OpenAI (The Verge) Government plans significantly stricter energy requirements for data centres [in German] (Heise) Read more with Euractiv Interpol says metaverse opens up new world of cybercrimeGlobal police agency Interpol said it was preparing for the risk that online immersive environments - the "metaverse" - could create new kinds of cybercrime and allow existing crime to take place on a larger scale.