This article has been written by Aditi Sahu pursuing a Diploma in Business Laws for In-House Counsels. This article has been edited by Ruchika Mohapatra (Associate, Lawsikho).
For many years, Europe has placed a high priority on the regulation of digital markets. The European Commission committed the EU to establish a digital single market in 2015, which generated several of the initiatives and regulatory changes affecting both providers and users of digital goods and services. Even within the EU, the standard of digital regulation has varied – and continues to vary – with many issues left to local implementation. In 2016, the United Kingdom voted to leave the European Union (with Brexit taking effect in 2020), resulting in further digital regulatory divergence across Europe.
As European digital regulation continues to evolve, the process of Digital Compliance has become a much higher priority for any organization providing or consuming digital goods and services in Europe. Organizations are finding it increasingly difficult to maintain regulatory compliance as digital technology evolves.
European Union: Digital regulation and Compliance development
Morrison & Foerster’s European Digital Regulatory Compliance team reports on some of the most important topical developments in European digital compliance that occurred in the second quarter of 2021 to help organizations stay on top of the main developments in this area. These Digital regulation and Compliance development are:
Preparing Europe for the Digital Age: Amendments to the Proposed Digital Services Act
The dynamic duo is on its way! The European Commission published two major proposed pieces of legislation in December 2020 to implement the EU’s digital strategy. The Digital Services Act (DSA) and Digital Markets Act (DMA) are intended to work together to create a safer digital space and a level playing field to foster innovation and growth both in the EU and globally.
As one-half of this legislative package, the DSA will focus on the regulation of digital service providers, also known as “intermediaries.” It aims to address the dominance of “very large” platforms (those reaching more than 10% of Europe’s 450 million consumers) as well as corporate accountability for third-party content. Breach of the DSA may result in one-time fines of up to 6% of annual global turnover or periodic penalty payments of up to 5% of average daily turnover.
Once enacted, the DSA and Digital Markets Act will be directly applicable throughout the EU and will not require national implementation by each Member State.
Both the DSA and the Digital Markets Act have a long road ahead of them, as they must be debated and agreed upon before they can be implemented. The EU institutions will now debate and (hopefully) agree on both pieces of legislation. During those debates, additional comments and/or updates may be made. And, of course, there will be strong opinions and lobbying from digital service providers to try to relax both the requirements on digital intermediaries and the size of the potential financial penalties.
Preparing Europe for the Digital Age: Amendments to the Proposed Digital Market Act
The Digital Markets Act is the second half of the EU’s legislative duo described above (DMA). The DMA will focus on “gatekeepers,” or core platforms that serve as a link between business users and customers. The proposed regulations express concern about such platforms’ “entrenched and durable” positions, which the EU believes leads to unfair practices and a lack of competition, resulting in higher prices, lower quality, and less innovation in the digital economy. Only a cynic would see a link between the EU’s concern and the fact that these platforms are almost entirely based outside of the EU.
If a core platform provider meets the following criteria, it will be considered a gatekeeper:
- has a significant impact on the EU internal market (currently, an annual EEA turnover of over €6.5 billion for three years or a fair market value of the undertaking or its parent of €65 billion);
- operates one or more important customer gateways (currently, having over 45 million EU end-users and over 10,000 yearly active business users); and
- enjoys or is expected to enjoy an entrenched and long-term relationship with customers (currently, having over 45 million EU end-users and over 10,000 yearly active business users);
While the draft DMA establishes certain parameters for determining whether or not a provider is a gatekeeper, it also permits the European Commission to designate gatekeeper status based on other factors.
Gatekeepers will do things like:
- must follow new data-sharing rules;
- must allow their software and apps to be removed from hardware;
- must allow business users to conclude contracts with end-users outside of the gatekeeper’s platform; and
- must refrain from favouring their products over those of other business users.
The DMA comes at a time when several EU Member States are debating or have already adopted new regulatory instruments aimed at regulating gatekeepers or “large digital companies” more broadly to keep relevant markets open and competitive (e.g., the German UPSCAM regulation that entered into force in January 2021). Given that the DMA claims to be the EU’s primary tool for enforcing such regulations, it’ll be interesting to see how its relationship with these national regimes develops.
The DSA, on the other hand, will now need to be debated and agreed upon among EU institutions before being accepted, and if adopted, it will have an immediate impact throughout the EU.
The United Kingdom’s New Digital Task Force is focusing on Big Tech
The UK will not use the DSA or DMA after Brexit. However, the UK is looking to change the way it regulates digital markets, which most likely means attempting to achieve the same goal as the EU in terms of regulating “big tech” companies. Several key UK regulatory agencies (the Competition and Markets Authority (CMA), the Information Commissioner’s Office, the Financial Conduct Authority, and Ofcom) have joined forces to advise on the UK’s digital market regulation strategy. They form the UK’s Digital Task Force, which has released its first document of advice.
A legally binding code of conduct (with different rules for different types of companies), pro-competitive interventions (including remedies such as personal data mobility and interoperability), and enhanced merger rules are all part of the Digital Task Force’s proposed regulatory regime, which will be overseen by a new Digital Markets Unit (DMU) within the CMA. The DMU was founded by the UK government in April 2021, and it has promised to consult on a pro-competitive regime later that year, intending to be able to regulate the world’s largest digital tech companies by 2022.
The Digital Task Force’s regime is aimed at digital businesses having a “strategic market status” (SMS), which is defined based on evidence. This aligns with the EU’s (as previously explained) objective of targeting corporations with a stronghold on the market. However, unlike the EU, the UK Digital Task Force proposes that such an SMS evaluation be applied to a corporation’s specific activity rather than the entire company.
While the Digital Task Force envisions a proactive regime and open and constructive cooperation with SMS companies, its suggested penalties go further than the EU’s. The task committee advises that the UK use fines of up to 10% of global turnover to deter violations of the system. It’ll be interesting to see how big IT companies respond to this “operate with us or against us” mentality.
The DMU’s formal establishment in April 2021, as well as the UK government’s planned consultation on its pro-competitive policy, will be the primary events to watch in the coming months. When parliamentary time allows, the UK government has also committed to passing legislation enshrining the DMU in law.
AI, robots, and machine learning—as well as liability issues—will be addressed in upcoming EU law
The European Commission has been working on two imminent, eye-catching legislative drafts in the context of new technologies such as artificial intelligence, machine learning, and autonomous robots over the past few months.
First, the Commission has released its legislative proposal for a regulatory framework for artificial intelligence. The proposal entails a set of mandatory regulatory requirements, at least for certain high-risk types of AI, and GDPR-style fines based on a percentage of turnover for non-compliance, based on the Commission’s preparatory work, most notably its White Paper on AI released in February 2020 and its Inception Impact Assessment released in July 2020. The Commission said that it would work to address three major areas of concern identified by the Commission:
- the impact of AI-based decision-making on fundamental rights (e.g., in the case of biassed or discriminatory AI decisions);
- the safety risks arising from AI applications that are currently not captured by the EU product safety framework (e.g., due to the dynamic nature of AI); and
- a solution for assigning liability in the event of damages caused by AI.
Second, the Commission published its proposal to revise the EU Machinery Directive alongside the AI proposal. The Machinery Directive governs the essential health and safety requirements that machinery must meet before it can be placed on the EU single market, as well as the procedures for mitigating associated risks. The Commission’s proposal includes several amendments aimed at more explicitly recognizing that machinery is increasingly implementing emerging technologies such as AI, machine learning, or autonomous mobility and that these technologies introduce new health and safety risks for people and property exposed to such machinery.
Both drafts were published by the Commission on April 21, 2021, putting these initiatives into ordinary legislative proceedings at the EU level, where they could be finalized in early 2022. Companies that expect to be impacted by the new rules should review the published draughts and look for opportunities to discuss their concerns with relevant stakeholders.
Geo-blocking remains an important area of research and enforcement in the EU
The EU Commission fined Valve, the owner of the online PC gaming platform “Steam,” and five other PC video game publishers a total of € 7.8 million in February 2021 for violating EU antitrust rules through geo-blocking practices (see 20 January 2021 press release). The valve was fined more than €1.6 million on its own.
The Commission discovered that Valve and PC video game publishers restricted cross-border sales of certain PC video games based on users’ geographic location within the European Economic Area (EEA). They allegedly prevented customers from activating and playing PC video games purchased in one EU country in another, limiting cross-border sales. This enforcement action demonstrates that compliance with geo-blocking rules is critical, and it is one of the issues that regulators will always be interested in (particularly the EU Commission).
Online intermediary legislation in the EU is starting to take shape
The EU has started to submit several particular legislative proposals to regulate online intermediaries, in addition to the planned Digital Services Act package (see above). Since July 2020, the EU’s Regulation on Promoting Fairness and Transparency for Business Users of Online Intermediation Services (the Platform to Business Regulation or P2BR) has been in effect (dubbed the “first-ever rules” by the EU). Despite Brexit, the Online Intermediation Services for Business Users (Amendment) (EU Exit) Regulations 2020 under the EU Withdrawal Act 2018 kept these restrictions in place in the UK.
The P2BR applies to online intermediaries (i.e., online marketplaces that allow businesses to offer and sell items to consumers) and search engines, and places a strong focus on transparency, including requiring service providers to reveal how they rank goods and services on their site.
The EU Commission has recently published Guidelines under the P2BR on this so-called “ranking transparency.” The P2BR not only promotes transparency and predictability, but it also prohibits certain “unfair” practices, such as suspending or terminating a user’s account without providing a statement of reasons (and a right of appeal) and amending terms and conditions without providing at least 15 days’ notice. Internal complaint handling procedures will also be required for online platforms.
The UK is reforming its digital consumer laws
The UK government produced a report by John Penrose MP in February 2021 on how the UK’s post-Brexit competition and consumer law environment should evolve. In the long run, the Penrose Report recommends for the UK Competition and Markets Authority (CMA) to be able to decide consumer violation matters and impose fines in the same way that it does for competition law cases without having to go to court. This is expected to give consumer law enforcement a higher priority than it already has.
The Penrose Report also backs the UK government’s plan to create a new digital markets’ unit (DMU) inside the Competition and Markets Authority (CMA) to regulate digital enterprises with significant, entrenched market power. The DMU, however, should focus on specific companies that hold and operate new network and data monopolies, rather than the digital sector as a whole, according to the report. The focus in the Penrose Report on “making markets work for people, not the other way around” suggests that new rules and regulatory authorities are on the way.
Delayed adoption of the European Electronic Communications Code adds to the uncertainty for providers
The European Union enacted the “European Electronic Communications Code” (the “EECC”) in 2018, a new Directive aimed at modernizing and revising the European regulatory framework for electronic communications. The EECC was expected to be incorporated into EU Member States’ national laws by December 2020, however, implementation efforts are still underway across the EU. As a result, the European Commission launched infringement procedures against 24 Member States in February 2021 for failing to implement the EECC promptly.
The fact that the EU does not harmonize all aspects of electronic communications laws, as well as the EECC’s handling of web-based (or OTT) communications services, maybe two major reasons for the delay. While the EECC resolves the long-debated question of whether OTT communications services are within the scope of the EU framework by broadly including all of these services, it leaves it up to the Member States to define the scope of obligations that apply to such OTT services that do not allow communication with traditional phone numbers.
The governments of the United Kingdom and Germany have taken action to address the dangers of the internet.
The UK government has now released its full answer to the Online Harms White Paper consultation. The statement reveals that the impending Online Safety Bill will establish a new legal framework to combat hazardous content online (OSB). By introducing a statutory duty of care, the OSB will force in-scope companies (as listed below) to bear responsibility for their users’ safety. Any in-scope companies who provide services to UK users, regardless of where they are located in the world, will be subject to this duty. Social media platforms, consumer cloud storage sites, search engines, video sharing platforms, online instant messaging services, video games that allow interaction with other players, and online marketplaces are examples of in-scope services. The framework is set to be implemented in the second half of 2021.
The UK government wants to make sure that policy initiatives in this sector are coordinated with similar legislation in the US and the EU, such as the European Commission’s proposed Digital Services Act (see above) and the Audiovisual Media Services Directive, which established a new regulatory regime for video-sharing platform services.
In early 2021, the Law Commission in the United Kingdom will issue proposals on the reform of criminal offences about damaging online communications. The UK government will take these recommendations into account and incorporate them into the OSB to the extent necessary, with the OSB itself expected to be available in 2021. As previously stated, the requirements of the juvenile protection law take effect in Germany in Q2, 2021, and we await the findings of any hate speech legislation evaluations.
New (case) laws on digital copyright
The European Court of Justice (ECJ) added another component to its complicated case law on the “right of public communication” (VG Bild-Kunst v Stiftung Preußischer Kulturbesitz) in March 2021. The usage of hyperlinks and deep connections to copyright-protected information (including framing) does not qualify as a so-called “copyright relevant conduct,” i.e., as a “communication to the public,” according to ECJ case law. However, this is only true if the content is readily accessible online with the approval of the right holder. In light of this, the European Court of Justice has now stated that this criterion is not met where framing procedures thwart effective technological protection measures taken or imposed by the right holder. In this scenario, framing is considered a public statement that requires prior consent (and which would create liability where the authorization of the original rights-holder is not obtained).
The European Court of Justice is now debating whether certain online service providers engage in copyright-relevant acts of public communication. Despite this, the European Parliament has already abandoned the safe harbour for such hosting companies. Article 17 of the 2019 Copyright Directive imposes direct accountability on “online content sharing service providers” for copyright-infringing content uploaded by users, forcing platforms to obtain licenses and to remove and prohibit automatically filtered content. Member states will not be required to harmonize! Special safeguards for user rights are included in some national implementation draughts, such as Germany’s.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: