Date: 25 May 2021
Author: Seamus Allen
Since the onset of the COVID-19 pandemic, digital technology has attained an unprecedented importance in Europe’s economy and society. It was thus particularly prescient of the European Commission President, Ursula von der Leyen, to have already declared that the digital transition would be one of the new European Commission’s top two priorities. Furthermore, the Commission had already unveiled an ambitious and broad ranging plan for regulating and promoting Europe’s digitalisation as presented in its Work Programme and Digital Strategy. Amidst the disruption caused by the pandemic over the last year, the digital agenda has now become even more important.
The Digital Markets and Digital Services Acts
The proposals for both the Digital Markets Act (COM/2020/842 final) and for the Digital Services Act, (COM/2020/825 final) were presented by the European Commission in December 2020. They are now going through what is expected to be a lengthy process of negotiations between the Commission, EU Member States and the European Parliament. It is expected that the finalised acts may not be implemented until 2023.
The Digital Services Act aims to implement measures for online platforms and online intermediary services to make the online environment safer and more transparent. Proposed obligations include:
- Clearer measures on how illegal online content, disinformation and illegal online sales can be reported by users;
- Due diligence obligations for online platforms to take action to counter illegal content and illegal sales;
- Clearer measures on how online content removal can be contested by users;
- Greater transparency for users on how and why they are shown particular advertisements;
- Extra requirements for larger platforms, including regular risk assessments and greater autonomy for users to opt-out of being profiled for the purpose of being shown targeted, personalised content.
The Digital Markets Act is specifically aimed at very large online platforms that the European Commission deems systemically important and which it terms “gatekeepers.” It proposes that such gatekeepers must:
- Ensure that their services are inter-operable with the services of third parties in specific situations;
- Provide tools so that businesses that advertise on their platforms can independently assess this advertising;
- Allow business users to access any data that they generate on the platform;
- Allow business users to also offer their goods and services on competing platforms and on different terms (such as different prices) and to not restrict other users from accessing these offers;
Gatekeepers are also prohibited from:
- Self-preferencing their own products over those of competitors;
- Preventing users from un-installing pre-installed apps if they wish to do so.
In December 2020, the European Commission unveiled the new EU Cybersecurity Strategy and confirmed the creation of the new European Cybersecurity Industrial, Technology and Research Competence Centre in Romania. The European Commission also introduced a proposal for a revised directive on the Security of Network and Information Systems (NIS 2.) (COM/2020/823 final). The proposal expands the range of sectors deemed to be of critical importance, increases the number of firms that will be included in scope, and strengthens the cybersecurity requirements for these sectors, including new requirements for companies to assess cybersecurity risks in supply chains.
First proposed in 2017 by the European Commission, the ePrivacy Regulation was intended to replace the 2002 ePrivacy Directive and to accompany the General Data Protection Regulation. The regulation would expand the application of the ePrivacy Directive to a wider range of communication mediums. Features of the proposal include stronger protections regarding meta-data, streamlining rules on cookies, and protections against spam. Progress of the proposal was delayed by numerous points of disagreement, especially over the processing of electronic communications to fight crime and child sexual abuse. On 10 February 2021, the Council of the EU finally agreed its position on a draft ePrivacy regulation but a lengthy period of contentious negotiations with the European Parliament is still expected.
The European Commission published its “Digital Compass” strategy, (COM(2021) 118 final) in March 2021 to chart its course for Europe’s “digital decade.” The Digital Compass highlights the EU’s focus on four areas:
- Digital Skills – By 2030, the EU aims for at least 80% of citizens to have basic digital skills, and for Europe to have 20 million ICT specialists;
- Secure and reliable digital infrastructures – The EU intends that gigabit connectivity and 5G should be widely available across Europe; Europe also aims to produce 20% of the world’s semi-conductors;
- Digitalisation of business – By 2030, the EU expects that three out of four EU companies should use cloud computing services, big data and Artificial Intelligence (AI); most SMEs should achieve a basic level of digitalisation;
- Digitalisation of public services – By 2030, the EU aims to have all key public services available online; all citizens should have access to their e-medical records; and 80% of citizens should use an e-ID.
Proposed Regulations for Artificial Intelligence
The EU Commission released its long-awaited proposal for a regulation to harmonise rules on Artificial Intelligence (COM(2021) 206 final) on 21 April 2021. For AI that is considered to be “low-risk”, there will be few or no new regulations, although a voluntary code of standards will be established, and compliant AI systems will be recognised in a certification scheme. The definition of “high-risk” AI is based on AI applications that may pose a significant risk to health, safety or fundamental rights of natural persons. For “high-risk” AI, the proposal includes obligations relating to:
- The quality, representativeness and suitability of datasets;
- Recordkeeping of the AI system’s functioning throughout its lifecycle;
- Transparency regarding how an AI system operates;
- Human oversight;
- Accuracy, robustness and cybersecurity.
Developers of high-risk AI must put in place a quality management system, including a risk assessment system that will be run throughout the lifecycle of an AI application. “High-risk” AI applications must also go through a conformity assessment before they are placed on the market and must be subjected to these assessments again each time the application is deemed to have been “substantially modified.” Furthermore, certain types of technologies will be significantly restricted or partially prohibited – including the use of remote biometric identification by law enforcement and social scoring technologies.
Online Terrorist Content
The European Commission proposal on preventing the dissemination of terrorist content online was approved by the European Parliament on 28 April 2021. This new law will begin being applied twelve months after its publication in the EU’s Official Journal. This new law will include requirements for hosting service providers to establish policies to prevent the dissemination of terrorist content and to conduct annual transparency reports on actions they have taken. It will also require that online platforms remove terrorist content within one hour of receiving a removal order from the national competent authority of a Member State. This has provoked concern from rights groups who fear that automated content moderation tools may lead to the widespread removal of legitimate content.
A new regulation on electronic identification, authentication and trust services (eIDAS) for electronic transactions is due in Q2 2021 which will replace the 2014 eIDAS Regulation. The new eIDAS Regulation seeks to create a new European digital identity to make it easier and safer for citizens to engage with businesses and public services online across Europe and to ensure that citizens have greater control over the data that they share and how it is used.
Digital Levy Proposal
In June 2021 the European Commission is expected to bring forward a proposal on a digital levy as a European own resource, meaning that the levy will be implemented and directly collected by the EU. It is expected that this proposal will be coordinated with progress in the OECD led international tax talks, which may have implications for digital tax. However, the EU Commission has also indicated that if international tax talks fail to lead to a satisfactory outcome, the EU intends to move ahead alone. The date of this proposal may be subject to change depending on progress in OECD talks. A consultation on the proposal for a digital levy ended in April 2021.
Acts on Data Sharing
Following on from the EU’s Data Strategy, presented in February 2020, the proposal for a Data Governance Act (COM/2020/767 final) was presented by the European Commission in November 2020. The act aims to promote data sharing by addressing legal concerns involved with data sharing, providing strict rules to promote trust in “data intermediaries” who can enable such data sharing to take place and by establishing a European Data Innovation Board. The Commission is also due to release its long-awaited Data Act proposal in Q3 2021. The Data Act will go further in promoting data sharing, both, between businesses and between business and government. This may include additional measures to provide greater legal certainty for data sharing on issues such as legal liability or the ownership of co-generated data. This act may contain measures to strengthen personal control over data and reinforce data portability. It may also introduce mandatory data sharing requirements for special scenarios in which market failure is deemed to have occurred, although under strict conditions. The data act is also expected to be accompanied by a review of the EU Database Directive.
Improving the working conditions of platform workers
The growing numbers of workers who rely on online digital platforms to be linked to customers are often in an unstable and insecure position. These platforms workers may lack a formal employment status and thus lack adequate legal and social protections, including for working conditions. On this basis, the European Commission intends to bring forward a legislative proposal to improve conditions for platform workers in Q4 2021.
Design requirements and consumer rights for electronics
In Q4 2021, the Commission is set to present legislative plans for “New design requirements and consumer rights for electronics.” This may include obligations for hardware manufacturers to provide a “right to repair” for electronic products, including computers, in order to address problems such as premature obsolescence and in order to promote the circular economy.
Initiative to extend the list of EU crimes to all forms of hate crime and hate speech
A consultation on the initiative to extend the list of EU crimes to all forms of hate crime and hate speech was held between February to April 2021, and an EU initiative on hate crime and speech is expected in Q4 2021. This initiative is expected to have implications for the regulation of online content, and may also have implications for other EU legislation, such as the Digital Services Act. The roadmap for the initiative focuses heavily on the perceived increase in online hate speech.
Conclusion: An ambitious and far-reaching agenda
The European Commission has put forward a wide-ranging work programme on digital policy, with initiatives ranging from privacy and data, to artificial intelligence and competition policy, and from online content to cybersecurity and digital taxation. Given the complexity and fast-moving pace of digital developments, many of the European Commission’s proposals will likely undergo in-depth scrutiny, debate and detailed negotiations with the European Parliament and Member States before securing approval. In the case of Europe’s landmark GDPR, it took four years of negotiation between the Commission’s initial proposal of the regulation and when it received final approval. For some of the Commission’s most ground-breaking proposals, such as the Digital Services Act or the regulatory proposals for AI, a similar period of intensive negotiation may lie ahead. The European Commission is equally ambitious in hoping that many of its initiatives will succeed in setting the golden standard for digital regulation worldwide, as was the case with the EU’s GDPR, which is often deemed to have set the global gold standards for data protection and privacy. It remains to be seen if the European Commission can remain equally successful in setting global standards in an era in which other players, including the US and China, are increasingly attentive to the shaping of the world’s digital rules. The far-reaching implications of digital technology for all aspects of society may mean that this question will be an important test for the EU’s role in the world in the years ahead.