Digital Policy Tracker
Europe
When 15.09.2021 Where EU, Europe Who Ursula Von Der Leyen, European Union
In the perspective of IoT and of the growing intensity of cyber attacks on European soil (Irish Health System, Anhalt-Bitterfeld and Thessaloniki municipality, Lazio region being only some examples) Ursula Von der Leyen dedicated a key part of the yearly State of the Union address to laying out the reasoning behind the new proposal of a Cyber Resilience Act. The Act adds all connected objects to the scope of the existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive, dedicated to raising the cyber security requirements for digital services employed in critical sectors of the economy and society.
#ICT #cyberresilienceact #cybersecurity
When 10.09.2021 Where UK, Europe Who Boris Johnson, Information Commissioner's Office
Eyeing its Europe-leading digital innovation hub as an important lever for growth post-Brexit, the Conservative government is now launching works to overhaul and reform the regulatory landscape in the IT sector. By seeking to include economic growth in the mission of the Information Commissioner's Office, by restructuring the institution so as to to include an independent board and chief executive, by loosening its data protection law to become more business friendly. These proposals, now under a 10-week consultation, imply a clear choice: economy over privacy. Yet, a key factor still needs to be ensured: the EU still has to judge the UK's regulation and framework as satisfactory. An open confrontation on these matters might lead to a revision on the digital services and trade Brexit deal.
#privacy #innovation #brexit
When 08.09.2021 Where Estonia, Europe Who Estonian Government, EU
While the EU has been stepping up progressively to regulate and harmonise cybersecurity standards (from the CyberSecurity Act to the NIS 2 directive to ENISA's efforts more generally), investment is still lacklustre. So much so that a minimum threshold of spending should be put forth. This is the argument made by the Estonian IT Minister, Andres Sutt, in front of fellow European ministers during Tallin's Digital Summit. Estonia, a digital leader both in cybersecurity and disruptive innovation, is the strongest advocate of digitisation as a vector of growth and geopolitical strength in the continent. Host of the NATO Cooperative Cyber Defence Centre of Excellence, of the EU's Agency for the Operational Management of Large-Scale IT Systems and third-ranked in the Global Cybersecurity Index. Yet, not every country is as big a believer in cybersecurity: the upcoming French EU Council Presidency will be key in seeing how much the debate can be forwarded when a fellow-minded country is in the position to do so.
#cyberdefence #ENISA #cybersecurity
When 19.08.2021 Where Europe Who Civil society, Apple
An international coalition of around 90 digital rights groups has drafted and signed an open letter asking the CEO of Apple, Tim Cook, to reconsider his intention to create scanning features to detect child sexual abuse material. On the 5th of August, Apple announced its intention to introduce child safety features to inspect children’s IMessages and to identify child sexual abuse content among images uploaded on iCloud. Still raging in Europe and beyond, the tradeoff between privacy and combating of pedo-pornography is still waging. The creation of a voluntary backdoor is seen as a dangerous precedent by policy groups, who fear governments (especially authoritarian ones) might start asking for a progressive broadening of the perimeter of scanning. Pressure on the company, or potentially legal requirements, would thereby pile up. On the other hand, the rampant accessibility of child abuse content online, some would argue, would justify usage of such extraordinary measures. Reminiscent of the recent European Parliament ePrivacy derogation allowing for voluntary tracking of child sex abuse content online, this faultline of modern day privacy regulation is becoming front right and centre in the today's policymaking agenda.
#privacy #childabuse #cybersecurity
When 17.08.2021 Where Serbia, Europe Who Twitter, Serbian Government
After a variety of local media outlets (Kurir tabloid, First TV, RTS, Tanjug agency, “Serbian Telegraph, “Politika” newspaper, Happy TV, Pink TV, the tabloid “Informer” newspaper and B-92 radio) got labelled as 'cooperating with the Serbian government' by Twitter, the Serbian President Vučić erupted in disapproval by stating "can’t wait Twitter to switch off my account to become another Trump". The President also criticized Twitter for not labelling State financed media (such as the BBC, Voice of America, or NPR) similarly, alluding to anti-Serbian bias. Twitter responded by highlighting the editorial indipendence of these media platforms. A further example of Twitter's efforts to act as more and more like a gatekeeper, this scenario shows yet again how open the hostility can get between these now indispensible platforms and local institutions.
#Twitter #contentmoderation #platformgovernance
When 29.07.2021 Where Ireland, Europe Who Irish Data Protection Commission, Facebook
After dragging down the speed of its investigations into Whatsapp's potential privacy violations, the Irish Data Protection Commission has been given one month to finish the investigation by the European Data Protection Board. Among the matters of investigation, there is most importantly the failture to provide clear information on what data Whatsapp was sharing with Facebook. Not the first time the Irish regulator has been blamed for being too forgiving with Big Tech (MEPs have accused Ireland in the past of de facto not enforcing the GDPR), the decision signals one further blow for the board. Speculation is rampant on the results of the eventual investigation.
#privacy #dataprotection #GDPR
When 28.07.2021 Where Ireland, Europe Who Tik Tok
TikTok has announced that it will be launching a new cybersecurity centre in Ireland, the first of a number of planned ‘Fusion Centres’ designed to respond in real-time to cyberthreats. This new centre aims to expand on TikTok's global security practice established in Washington DC, in an effort to keep up with the soaring investments by Big Tech in cybersecurity offerings, via both acquisitions and internal expansions. In this period of increasing frequency of cyberattacks (Colonial pipeline, Lazio Region, Ireland health system, etc.), policymakers' general electorate's attention is focusing itself more and more on the matter, pushing the bigger companies to keep up with the times. Between the ever increasing reputational cost of failed data protection and the risk of further hardening of regulation by policymakers (e-privacy directive, review of NIS 2, etc.), the GAFAM are rushing to get ready.
#dataprotection #cybersecurity #tiktok
When 27.07.2021 Where United Kingdom, Europe Who NHS
According to an analysis published by the Financial TImes, more than 40 companies have been granted to access to an estimated 100 different NHS data sets from English hospitals. The data concerns topics as diverse as databases listing patients admitted, their diagnosis and treatment all the way to more niche data sets on mental health, mortality, maternity services. Part of a wider strategy to leverage data to achieve stronger public health outcomes, the news has sparked some worry on those most suspicious of conflict of interest and lack of transparency in the usage of that data. Among the institutions that have received the data we can notice medical analytics companies (IQVIA, Carnall Farrar, Methods Analytics), charities, vaccine manufacturers, subcontractors and even management consultancies. As rigourous as the application procedure to be granted access to the data is (pseudonymisation of the data, vetting of candidate companies wanting to access the information, guarantee that it will be used exclusively to improve treatment of patients), concerns about the commercial applications of this data that can be extracted by for-profit entities that have access to this exclusive information is legitimate.
#healthcare #datagovernance #privacy
When 19.07.2021 Where France, Europe Who French Government, NSO group
After the report of President Emmanuel Macron having been targeted via the Pegasus spyware by a Moroccan intelligence service, the French government has called a defence cabinet to assess potential responses to the news. The President has, as of now, changed both phone and phone number, by precaution. In case this Moroccan hypothesis was to be confirmed, Paris states to be ready to 'publicly contest' Rabat's actions. Macron's phone would in this case be the most high-profile phone number to be hacked by the Pegasus spyware, which has shown the limited safety of Whatsapp's encryption services.
#cyberespionage #spyware #pegasus
When 19.07.2021 Where European Union, Europe Who European Union
After the Chinese cyberattacks on Microsoft's servers, the EU has joined in on the White House's calls for condemnation. If Biden has obtained total collaboration from allies such as the UK, Japan, and Australia, the EU has stopped short of directly blaming the Chinese government for the attacks, as it was wished by Washington. This divergence further indicates a softer stance on China by European partners as opposed to a more incisive United States, which seeks to replicate the success of the recent cybersecurity conversation with Putin.
#cybersecurity #China#cyberattacks
When 16.07.2021 Where European Union, Europe Who European Parliament, Google, Facebook
The Data Governance Act was adopted in the Industry committee with a landslide majority. The legislative proposal, submitted last year, intends to define the governance of the European data spaces. The governance structure will be centred around data intermediaries, which will have to fulfil specific neutrality obligations that avoid the concentration of data in the hands of few major players. The intent is to create a trusted environment for European SMEs to reap the benefits of the data economy. DGA-compliant intermediaries will be able to receive a ‘soft’ certification from the competent national authorities. An advisory body gathering key stakeholders will also be introduced to facilitate agreement on harmonised standards and interoperability requirements. The final vote in the plenary is expected in September, as the initiative is as of now still blocked at the Council level.
#data #governance#privacy
When 07.07.2021 Where United Kingdom, Europe Who UK Government
In a fresh report on election finance ( which can be found here) , the Committee on Standards in Public Life called for "more proportionate and transparent rules" to better track overseas influence and allow Britain's "highly complex" laws to keep pace with digital campaigning.Among the main points of concern, the fact that United Kingdom's current electoral rules do not explicitly prohibit foreign actors from spending on election campaigns, and the intelligence and security committee, which oversees the country's intelligence agencies, warned last year that the country is still "vulnerable to covert digital influence campaigns" by countries such as Russia. Especially considering that no support to politicians below 20 thousand £ in England is to be declared public. In a context of hybrid warfare and repeated interference in elections, the committee is wary of the risk such an exposure would bring to the integrity of the electoral process.
#digitaladvertising #elections
When 07.07.2021 Where United Kingdom, Europe Who UK Government
Boris Johnson has announced that the government will review the purchase of the UK’s largest producer of semiconductors, Newport Wafer Fab, by a Chinese-owned manufacturer called Nexperia, after it was criticised for apparently acquiescing to the takeover. In a context of shortage of semiconductor supply (carmakers in 2021 are for instance already experiencing production delays), this move is to be seen as an attempt to tame the efforts from China to insert itself in the strategic supply chains of Western states. The government is also scrutinising the takeover of Cambridge-headquartered chip designer Arm by the US chip company Nvidia on national security grounds. Boris Johnson himself has defined semidonductors as "of huge importance to this country".
#trade #semiconductors #criticalinfrastructure
When 06.07.2021 Where European Union, Europe Who European Parliament
The European Parliament adopted the final version of the ePrivacy (a 2002 directive regulating the processing of personal data and the protection of privacy in the electronic communications sector) derogation, a temporary measure enabling providers of electronic communication services to scan and report private online messages containing material depicting child sex abuse. The provisions also allow companies to apply approved technologies to detect grooming techniques. The measure is an iterim provision until 2025, or until the adoption of the long-awaited (negotiations for it sarted in 2017) revision of the directive altogether. A priority of the upcoming Slovenian presidency, such a revision would update a now obsolete regulation, where profound asymmetry is applicable between the heavily regulated personal data (where GDPR applies) and the far less regulated non-personal data (where ePrivacy applies).
#contentmoderation #childabuse #privacy
When 05.07.2021 Where France, Europe Who European Commission, French Government
On a second reading of the bill on fighting separatism (mainly dedicated to fighting internal terrorism), the French National Assembly adopted a text under which platforms will be required to “make public the resources they devote to combating illicit activities” and to “implement procedures and proportionate human and technological resources” to this end.The French law obliges operators to designate a single point of contact for cooperation with judicial and administrative authorities, and the conservation of reported and removed content. An “easily accessible and user-friendly reporting system” for users and the establishment of a “trusted third party” status are also required. According to the Commission, the bill poses a “risk to the single market in digital services and to Europe’s prosperity”, and represents one further example of the strenuous tension between Common Market principles appear to be threatened by the digital economy and the inherent divergences in policy positions between Member States.
#digitalplatforms #contentmoderation #singlemarket
When 28.06.2021 Where United Kingdom & EU, Europe Who EU Commission, UK Government
The EU Commission has approved a deal that will will allow personal data to be transferred from the EU to the U.K., avoiding a no-deal scenario that could have cost the British economy as much as £1.6 billion. The approval by the EU's executive comes only days before an interim solution to keep data flowing across the Channel after Brexit runs out, as the European Commission ran out of time to approve the deal before the Brexit transition period ended in January 2021, and therefore had to work a temporary, six-month solution into the trade deal to keep continue transferring data. This indirectly implies approval of British data protection standards, which is not to be given lightly according to the association of practitioners in the field. This decision is interpreted by some as an example of "softness" towards the UK, whose relatively healthy startup economy and digital sector would have massively suffered from a rejection of the deal, as three-quarters of the country's international data flows are with the 27-country bloc.The contract does however include a clause to review its conditions in 4 years' time.
#trade #data #brexit
When 25.06.2021 Where United Kingdom, Europe Who Google, Amazon, CMA
The UK's CMA is investigating whether Amazon and Google have broken consumer law by not taking sufficient action to protect shoppers from fake reviews. The CMA, which began probing into the issue of fake reviews on these major platforms two years ago, has stated that the work it has undertaken so far has raised ‘specific concerns’. In particular, these concerns include the inadequacy of action on the part of these platforms to detect fake reviews, identify suspicious behavioural patterns, investigate the reviews, and to impose sanctions on reviewers and businesses who are in contravention of the rules. If the investigation does indeed reveal that Amazon and Google have broken consumer laws, the CMA can take enforcement action, such as securing formal commitments from the platforms of addressing the problem with rigour, engaging in litigation etc.
#Google #Amazon #contentmoderation
When 25.06.2021 Where France, Europe Who Apple, French Government
A lawsuit led by the startup interest group France Digitale and the French government, targeting Apple, is being pursued by French attorneys. Hearings will start towards September. The lawsuit, initiated 4 years ago by the French government, concerns contracts with app developers, which France Digitale deems as anti-competitive and abusive of Apple's position of advantage.
#AppleStore #Antitrust #Competition
When 23.06.2021 Where European Union, Europe Who EU Commission
The European Commission laid out on the 23 June its vision for a Joint Cyber Unit to tackle evolving cyberthreats and to increase European resilience. The Joint Cyber Unit will serve as a platform for cooperation for cybersecurity communities across the EU, enabling them to draw on each other’s support and to create a cybersecurity shield to detect cyberthreats before they can cause damage.
#cybersecurity #ransomware #cybercrime
When 23.06.2021 Where European Union, Europe Who Youtube, CJEU
A ruling by the Court of Justice of the European Union (CJEU) on Tuesday 22 June has shed some light on the conditions under which content-sharing platforms are exempted from responsibility for copyright infringements, with potentially far-reaching implications for the EU’s Copyright Directive and the Digital Services Act. The CJEU ruled that online platforms are not to be considered responsible for content illegally posted by users unless they actively contribute to making such content available. In this legal framework, online platforms are not required to monitor users’ online content to see if it respects copyrights.
#DSA #CJEU #contentmoderation
When 21.05.2021 Where France, Europe Who Capgemini, EDF, French Government
Telecom Paris and Netexplo officially launched the Technologies & Digital Sovereignty observatory on Thursday (20 May), which aims to bring together companies and startups and political players. The new observatory, which has been joined by Capgemini Invent, EDF, Renault, Orange Business Services, Thales and Village by CA, has set itself the objective of deciphering initiatives in the field of digital sovereignty: 5G, cloud, artificial intelligence, connected objects.It will report on its observations at an annual event on “New technological horizons of digital sovereignty”.
#digitalsovereignty #govtech
When 21.05.2021 Where Germany, Europe Who German Parliament
German parliament adopted a law regulating data protection and privacy in telecommunications and telemedia, transposing EU requirements on cookies from the bloc’s e-privacy directive. German data protection was until recently regulated by a series of laws, leading to legal uncertainty due to partially contradictory provisions. The Telemedia Act (TMG) and the recently amended Telecommunications Act (TKG) have prompted uncertainty in some quarters. The Data Protection Act passed on 20 May intends to unify the country’s rules and align with the EU’s General Data Protection Regulation (GDPR).
#telecommunications #dataprotection #privacy
When 14.05.2021 Where Ireland, Europe Who Ireland Health Services
Irish hospitals were forced to shut down IT systems and cancel appointments following a ransomware attack on the Irish Health System's IT infrastructure. The organisation switched to paper files immediately so as to avoid acquisition of patient data.
#ransomware #cyberattack #criticalinfrastructure
When 13.05.2021 Where European Union, Europe Who European Commission
The Commission has presented a paper explaining how it expects the DSA to address disinformation. Firstly, through a co-regulatory approach including stakeholders in the definition of minimum criteria. Secondly, tackling illegal content and systemic risks. By requiring all online platforms to issue Codes of Conduct that illustrate how the platform will tackle these risks. Thirdly, user empowerment is related to advertisements as they have been identified as key amplifiers for spreading disinformation. Finally, the Commission contends that the DSA enforces a diligent approach, providing binding risk management obligations on online platforms.
#platformregulation #onlineharm #misinformation
When 12.05.2021 Where Luxembourg, Europe Who EU Court of Justice, EU Commission, Amazon
The EU General Court Wednesday overruled the European Commission's finding that Luxembourg granted €250 million in illegal tax benefits to Amazon. The Commission's finding that Amazon was granted a tax advantage "is based on an analysis which is incorrect in several respects," the court held.
#digitaltaxation #taxavoidance #amazon
When 30.04.2021 Where European Union, Europe Who European Council
A provisional deal has been reached at the European Council level on the removal of online child sex abuse. The interim regulation will apply, for a duration of three years, to providers of electronic communications services such as web-based email and messaging services, forcing them to detect, remove and report child sexual abuse online. The issue had been one of the main sticking points still to be solved of the upcoming e-Privacy directive, which has been under negotiation since 2017..
#onlinecontentmoderation #onlineharm #privacy
When 30.04.2021 Where European Union, Europe Who European Commission, Apple, Spotify
The European Commission is issuing antitrust charges against Apple, following an initial complaint from Spotify in 2019. The Commission's concerns are related to the App Store policies, including charging a 30% cut of every in-app purchase. By having a dominant role in the music streaming app market and a gatekeeping role for the App Store, Apple is in breach of EU competition law.
#antitrust #competitionlaws #appstore
When 27.04.2021 Where Ireland, Europe Who TikTok
Tiktok announced the opening of a European Transparency and Accountability Centre. The centre will focus on online content moderation and users' privacy and security on the platform. The company has already opened a similar centre in the US, yet the choice to open a new one in Europe seems a strategic one, as the EU and UK are updating their digital policies. Tiktok has more than 100 million users in Europe, and the new centre will help people and regulators better understand the platform's processes and procedures.
#contentmoderation #privacy #tiktok
When 21.04.2021 Where European Union, Europe Who European Union
The European Union proposed new laws to regulate the use and implementation of AI in the Member states. The proposed regulations will restrict and ban some AI uses, common in China and the US. The EU has included facial recognition, autonomous driving and algorithms for driven advertisement, automated hiring and credit scoring. Despite being at an early stage, the proposition can be considered a step forward for safer AI. The impact of a similar regulation could also shape AI policies across the world.
#airegulations #ai #eu
When 19.04.2021 Where United Kingdom, Europe Who Bank of England, Treasury
The Bank of England and the Treasury are launching a digital currency task force to monitor and explore the idea of adopting a digital currency in England. The task force will coordinate exploratory work to understand how the Bank of England would get the new currency into the economy, how households and businesses would use it and the implications for financial stability. Crypto regulations are being drafted and implemented across multiple countries at the moment. The urge to regulate them follow the growing interest in digital currencies and a wave of payments digitalization due to the covid-19 restrictions. In the UK, the exploration of potentially adopting a digital currency is also a way to maintain the City as one of the world's financial capitals.
#cryptocurrency #cryptopolicies
When 08.04.2021 Where European Union, Europe Who European Union
The EU has presented its vision for Europe's digital transformation, with a horizon of 2030. The strategy will focus on four levers of action: skills, government, infrastructure and business. Among the various goals set by this roadmap, we can note: 100% online provision of key public services, 75% of European business making use of cloud computing services, gigabit connectivity for the entirety of EU households.
#digitalinfrastructure #digitization #eu
When 05.04.2021 Where European Union, Europe Who Google, European University Institute
Google has provided a founding donation of 25 million EUR to the newborn European Media and Information Fund, managed by the European University Institute and by the Calouste Gulbenkian Foundation. The fund will provide grants to researchers, fact-checkers, not-for-profits and other public interest-oriented organisations working on disinformation research and strengthening media literacy and fact-checking.
#fakenews #onlinecontentmoderation #google
When 01.04.2021 Where United Kingdom, Europe Who UK CMA, Facebook, Giphy
The UK CMA has started an investigation on Facebook's 400 million $ acquisition of GIPHY, for fear that the takeover may “result in a substantial lessening of competition” for gif creation. The regulator believes the acquisition could lead to a squeeze on the supply of gifs to other social networks such as Snapchat, TikTok and Twitter, by 'lessening the incentive to expand its digital advertising, leading to a loss of potential competition in this market'.
#antitrust #socialmediaplatforms #facebook
When 31.03.2021 Where Netherlands, Europe Who Booking, Dutch Data Protection Authority
The Dutch Data Protection Authority has fined Booking.com for having been too late to report a data breach of the personal information of 4000 customers. The company did in fact miss the obligation to report the breach within 72 hours, only signalling the issue one month after the emergence of the problem.
#dataprotection #privacy #cybersecurity
When 17.03.2021 Where France, Europe Who French Competititon Authority, Apple
France’s competition authority has given the go-ahead for Apple’s new privacy protocols to be implemented, stating that the move does not “constitute an abuse of a dominant position,”. The main point of contention came from developers, which harboured fears of unfair competition following the announcement by Apple this June of a new policy to strengthen the protection of its customers’ privacy, introducing a feature dubbed ATT (App Tracking Transparency) in September 2021. The new mechanism would mean that an iPhone owner, when viewing an application downloaded from the App Store, would see a pop-up window asking for explicit consent to share personal data with third parties for advertising purposes. In case of consent by the viewer, third parties would be able to access the Identifier for Advertisers (“IDFA”), which identifies each Apple device and allows for the tracking of the owner’s advertising, including on third-party sites. The complainant associations criticized Apple for requiring application developers to use ATT solicitation to access the IDFA identifier. The collection of consent via ATT solicitation would condition the tracking of the user’s advertising on third-party sites, which would then allow targeted advertising to be sent to the user. This approval paves the way for the deployment of the new privacy policy, which is expected for autumn 2021.
#competition #privacy #apple
Read More
Watch Our Episodes