Welcome to our first EU Policy Update! Bureaucrats and politicians have as much power over your business as you do. We've distilled everything you need to know about what they're up to in the text below - worth a few minutes to avoid getting sideswiped!
In This European Policy Update
Section quick links below.
The European Union
The Next 5 Years Of European Leadership
It’s the beginning of a new political (and legislative!) cycle in Brussels. As we already pinged you, political decisions and new rules affecting the tech industry are ahead. As of July 1st, the newly elected presidents and representatives of the European institutions have taken office. This includes:
The European Commission President: the former German Defense Minister Ursula von der Leyen.
The President of the European Council: the former Belgian Prime Minister Charles Michel
The President of the European Parliament: the Italian Socialist MEP David Sassoli
The High Representative for Foreign Policy: Spanish Foreign Minister Josep Borrell
The President of the European Central Bank: the former French chief of the International Monetary Fund (IMF) Christine Lagarde
The European Parliament has also released a helpful infographic noting all the new MEPs here: Who's Who: Overview Of Parliament's Leadership At The Start Of 2019-2024 Term. Looking for your representative? A full list of all MEPs can be found here.
Von der Leyen’s Commission
While it has not been formally decided yet (the new commission structure and appointments will be decided in September). The Member States will have to put forward their proposals until the end of August.
UPDATE: On September 9th Ursula von der Leyen presented the full list of Commissioners-designate. On September 10th the attribution of portfolios will be announced. These will set the the way the organisation of the next European Commission’s work. After the hearings of the Commissioners-designate, the Parliament will give its consent and the European Council will formally appoint the new Commission which should start from November 1st.
Meet The New European Parliament Committees
The European Parliament's Committee on Legal Affairs (JURI) handled the legislative draft proposals of GDPR and the modernisation of the EU copyright rules.
GDPR’s impact is widely known. It regulates the processing of an individual, a company, or an organisation’s personal data relating to individuals in the EU. Data such as name, email, IP address, or health records. Its aim was to give control to the European citizens over their personal data.
For another example, one of the main impact of the new EU copyright framework is making internet platforms directly liable for content uploaded to their site and by automatically giving the right to news publishers to negotiate deals on behalf of its journalists for news stories used by news aggregators.
This committee’s impact on software businesses and businesses that develop or use software as part of their business cannot be understated.
The new committee:
Lucy Nethsingha, Renew Europe, United Kingdom, as Chair
Sergey Lagodinsky, Greens/European Free Alliance, Germany, as first Vice-Chair
Marion Walsmann, European People's Party, Germany, as second Vice-Chair
Ibán Garcia Del Blanco, Socialists & Democrats, Spain, as third Vice-Chair
Raffaele Stancanelli, European Conservatives & Reformists, Italy, as fourth Vice-Chair
The Internal Market and Consumer Protection Committee (IMCO) is among the most active and relevant regulating committees for many developers and software building businesses. It is involved in all negotiations on draft legislative proposals affecting the platform economy. For example, IMCO was the leading committee in negotiations on P2B (Platform To Business) Regulation. IMCO will be the decisive actor in the reform of the eCommerce Directive, which will amend rules regarding platform liability.
The new committee:
Petra De Sutter, Greens/European Free Alliance, Belgium, as Chair
Pierre Karleskind, Renew Europe, France, as first Vice-Chair
Maria Grapini, Socialists & Democrats, Romania, as second Vice-Chair
Róża Thun, European People's Party, Poland, as third Vice-Chair
Maria Manuel Leitão Marques, Socialists & Democrats, Portugal, as fourth Vice-Chair
ITRE is responsible for the EU Cybersecurity Act. The Act provided a unified cyber security framework for use in all EU countries as well as bolstering the EU Agency for cybersecurity (ENISA). Due to this companies doing business in the EU benefit from only having to certify their ICT products, processes and services only once and see their certificates recognised across the European Union. These sort of acts give the ITRE major influence on software development cycles.
The new committee:
Adina-Ioana Vălean, European People's Party, Romania, as Chair
Zdzisław Krasnodębski, European Conservatives & Reformists, Poland, as first Vice-Chair
Morten Petersen, Renew Europe, Denmark, as second Vice-Chair
Patrizia Toia, Socialists & Democrats, Italy, as third Vice-Chair
Lina Galvez Muñoz, Socialists & Democrats, Spain, as fourth Vice-Chair
The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) is the EU’s primary regulator on in the realms of privacy and access to data. For example, LIBE’s proposal for a Regulation on ePrivacy is intended to supplement GDPR, imposing strict confidentiality rules to all electronic communication services (including apps), not only to telecoms. It also aims to amend the present cookie rules. The proposed amendments could have a severe negative impact on online advertising and ad-based digital business models.
The new committee:
Juan Fernando López Aguilar, Socialists & Democrats, Spain, as Chair
Maite Pagazaurtundúa, Renew Europe, Spain, will be first Vice-Chair,
Pietro Bartolo, Socialists & Democrats, Italy, will be second Vice-Chair, and
Emil Radev, European People's Party, Bulgaria, will be fourth Vice-Chair.
The election of the third Vice-Chair was postponed.
Privacy & Data Usage
New Guidelines On Cookie Consent
The French Data Protection regulator CNIL (Commission Nationale de l'Informatique et des Libertés or National Commission on Informatics and Liberty) published new guidelines on cookie consent. Companies have six months to comply. Two notable changes: continuing to surf on a website can no longer be regarded as valid consent for tracing with cookies and companies tracking users will have to prove that they have obtained consent. The data protection authority will engage with stakeholders in the coming months, and draft an additional recommendation which should be published in early 2020. This will envisage the practical modalities for obtaining consent.
New Transparency & Consent Framework For European Advertisers
IAB Europe (the European-level association for the digital marketing and advertising ecosystem) published on August 21st the second iteration of the 'Transparency & Consent Framework (TCF)'. The TCF is an industry tool that supports companies within the digital advertising ecosystem as they manage their compliance obligations under the GDPR and ePrivacy Directive.
UK Online Platforms And Digital Advertising Market Study
UK Competition and Markets Authority (CMA) announced that it has launched a market study into online platforms and digital advertising market. The Developers Alliance is closely following this market investigation. Based on this, CMA could propose in the near future measures which could limit the business models based on advertising revenues (e.g. free or freemium apps).
Additionally, the UK Centre for Data Ethics and Innovation published interim reports on July 19th regarding its two major reviews into online targeting and bias in algorithmic decision-making.
Phase Two Of Algorithmic Awareness Raising Pilot Project Begins
Around the world governments are looking for mechanisms that explain to users how algorithms are making decisions - how and why they get shown what content or ads they see, text or voice assistant protocols, and more. All of which will have big implications for the future development of AI, particularly if a regulations should be passed due to the results of the studies
The European Commission started the 2nd phase of the Algorithmic Awareness Raising pilot project. The project originally came at the request of the European Parliament, publishing a call for tender for an Exploratory Study on Governance and Accountability Mechanisms for Algorithmic Systems. The Algorithmic Awareness Raising pilot project (a 16 month study that began in March 2018) has analysed the state-of-the-art in algorithmic decision-making, including academic literature and an index of policy, regulatory, civil society and industry approaches, and is exploring case studies for specific areas of application. The study will converge towards designing an appropriate ‘policy toolbox’ for the concerns and opportunities emerging. Building on the first study, the second phase of the project will focus more in detail on two emerging policy tools for addressing risks and furthering the understanding of algorithmic decision-making systems. Specifically, it will focus on exploring future policy tools for regulatory oversight of algorithmic systems, where appropriate, and design a series of prototypes and model technical approaches to address specific issues in algorithmic decision-making in the context of online platforms. The findings are expected to inform the Commission, as well as other interested policy and regulatory bodies, on the opportunities and pitfalls of such approaches and to inform policy options in the near- and longer-term.
GDPR Review Reports Incoming
The European Commission issued a communication July 24th on GDPR (the General Data Protection Regulation), detailing its report on the implementation of the regulation in the first year of application. The verdict: the regulation has shown some of the Commission’s desired shows results, but will need work to continue effectively. Additionally, the EU Council will prepare an evaluation of the General Data Protection Regulation's application by the end of the year.
Microsoft Projects Tackle “Removing Barriers To Data Innovation”
Microsoft proposed a set of initiatives for common standards to share data. “To help make it easier for individuals and organizations to share data, we’re offering a set of draft agreements for consideration by the community, each designed to address a specific data sharing challenge.” There are three data use agreements addressed to the organizations that want to share data. The “OpenUse of Data Agreement (O-UDA)” and the “Computational Use of Data Agreement (C-UDA)” were published on GitHub July 19th.
German Digital Supply Law Draft Approved”
On July 10th, the German Cabinet approved the draft of a “digital supply law”, which will enable doctors to prescribe health apps that allow patients to record their blood sugar levels or blood pressure.
Cross Border Data Flows
CLOUD Act Impact Response Published
July 11th, the EPDB-EDPS published their joint response to the LIBE Committee on the impact of the US CLOUD Act on the European legal framework for personal data protection. For those unfamiliar with the controversial American law, the Clarifying Lawful Overseas Use of Data Act or CLOUD Act, amends sections of the Stored Communications Act (or SCA) of 1986. These laws require that companies who are headquartered within the US must provide warrant-requested data to US law enforcement agencies. Regardless of where the data is stored across the world. The law was passed in 2018. European politicians in particular have found the law contentious.
Irish Data Protection Commission Court Of Justice Hearing
On July 9th a hearing was held at the European Court of Justice over the Irish Data Protection Commission (DPC) refusal to make a decision on whether Facebook could transfer the personal data of Europeans to the United States. Here’s a FAQ from the International Association of Privacy Professionals (IAPP) on what this case means for data transfers between the two sides of the Atlantic.
First Feedback From The Implementation Of The Portability Regulation By Free Online Video Services
The European Audiovisual Observatory published the report “First Feedback From The Implementation Of The Portability Regulation By Free Online Video Services” on July 9th. It was co-funded by the Creative Europe Programme. The Portability Regulation became applicable in EU one year ago.
French Digital Tax Adopted
Think digital tax only affects big companies? Not if apps end up collecting and reporting all the local ad data!
France adopted the digital tax, a levy of 3% on the total annual revenues, applying to any digital company with revenues of more than €750m ($850m; £670m) - of which at least €25m is generated in France. It will be retroactively applied from early 2019. The Office of the U.S. Trade Representative formally opened an investigation into the French digital services tax as an unfair trade practice, a step that could eventually result in tariffs.
The U.K. government announced a new digital services tax for the next Finance Bill. The government has put forward a 2-percent tax on the revenues of search engines, social media platforms and online marketplaces, but is willing to withdraw the levy when an international framework is agreed at OECD-level.
Pilot Project "Platform(s) For Cultural Content Innovation" - Call For Proposals
They're giving away money!
On July 18th the European Commission opened a call for proposals, with a maximum aid intensity of 60% of the total eligible costs of the projects. The deadline is set September 20th 2019. The Commission offered the following:
“In order to incentivise European content industries to nurture and embrace innovation and take up new technologies and to help them to sustain their position as pioneers in the digital era, the Commission will implement the pilot project "Platform(s) for cultural content innovation."
Competition & Platforms
P2B Regulation Published
Regulation (EU) 2019/1150 of the European Parliament and of the Council on promoting fairness and transparency for business users of online intermediation services, also known as the P2B Regulation, was published in the EU Official Journal on July 11th. It shall apply from 12 July 2020. The Regulation sets up framework rules for online platforms and marketplaces (app stores too!) operating in EU. These include transparency obligations regarding ranking and certain business practices, strict rules on certain practices (e.g. account suspension, T&C changes) and on managing dispute resolution. The changes will heavily impact the operators of the major app stores, but also of other market places, amongst others.
Competition Regulations Requested
On July 4th, France, Germany, and Poland issued a joint statement inviting the European Commission to modernize its competition rules. These rules regulate how platforms, apps, and other digital players compete with each other. In recent years, this has become a talking point for politicians across the globe. Changes to these platforms could mean vastly more complex development cycles for application and software developers. The European Commission and Competition Authorities decisions in competition cases could have a significant impact on the developers community ecosystem (e.g. Android case).
Additionally however, the competition authorities of G7 member countries called on their governments to safeguard competition when reforming rules for the digital age in a joint statement. In the July 18th statement, the enforcers pushed back against a major overhaul of competition rules, saying that existing rules were sufficiently flexible to deal with the challenges posed by the digital economy. They noted that only specific tools, resources or skills would benefit from an update. They also warned of policies or regulations that could unnecessarily restrict competition in digital markets.
Commission Calls For Study On Economic Impact of Open Source Software
The Commission also published a call for tender to launch a study investigating the economic impact of open source software (OSS) and open source hardware (OSH) on the European economy. In November 2019, the European Commission will be organising a workshop to analyse the future of Open Source Software and hardware. The workshop will bring stakeholders together to discuss current challenges, opportunities, R&I, economic and policy-making issues will be covered. More specifically, the workshop will focus on:
The role of Open Source as innovation enabler
How Open source can contribute towards the technological independence of Europe
Open source in the industry and the public sector