Politics

Five things US companies need to know about the new EU rules

It's going to be a long fight.

Five things US companies need to know about the new EU rules

"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar.

Photo: Alexandros Michailidis/Getty Images

The European Union on Tuesday proposed a sweeping set of rules to rein in the power of Big Tech, amounting to the most aggressive legislative effort against the industry to date.

The Digital Services Act will require online intermediaries to act more swiftly against illegal content and provide users with more transparency around takedowns. The Digital Markets Act will restrict large companies, labeled "gatekeepers," from engaging in a set of anticompetitive behaviors, including self-preferencing.

"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar. "This is one world … what is illegal offline is equally illegal online."

The proposals will likely send shockwaves through the global tech industry as companies seek to understand how they will be affected and whether they could run afoul of the rules.

Here's a list of five things U.S. companies should know about this fast-moving effort.

It could be years until these rules take effect.

Tuesday's announcement will kick off years of impassioned negotiations as policymakers and lobbyists work out the contours of the proposals, which are far from becoming law.

The EU took four years to debate the General Data Protection Regulation, and this process is likely to look similar, though it will pull in a smaller array of players because it targets tech specifically.

The European Council, which represents all 27 governments in the bloc, and the European Parliament must approve the pair of proposals before they become law.

Tech intends to fight hard.

Tech companies including Google, Facebook and Twitter have made it clear that they intend to fight hard to sway the direction of the rules. "We look forward to reviewing today's proposals in full, and continued collaboration with the EU Commission, industry and civil society in the coming weeks and months ahead," Twitter said.

Google, Facebook, Amazon, Apple and Microsoft spent about $23 million on lobbying in the EU in the first half of 2019, according to Transparency International, a group that monitors lobbying in the bloc. Their efforts are only set to intensify as they seek to influence all 27 member-nations during the consultation period.

Companies are largely in favor of harmonizing rules across the EU, which will make it easier for them to navigate what they should and shouldn't do. But the proposals as written would subject the companies to potentially enormous fines and even breakups as a "nuclear option," in Vestager's words, a daunting prospect that they're certain to fight.

The Digital Markets Act in particular gets right at the heart of Big Tech's business models with a set of sweeping do's and don'ts. Under the DMA, the EU could force companies to open up their platforms in ways that they never have before, requiring firms to allow third parties to interoperate with their services and give users data about advertising and sales. For example, the proposal could force Amazon to share far more information with its sellers or require Facebook to provide extensive information on how its advertising is working.

It would also create a harsh set of don'ts. Under the DMA, companies like Google and Amazon could not give preference to their own services in search results, and Apple could not block users from removing preinstalled apps.

"While we will review the Commission's proposals carefully over the coming days, we are concerned that they appear to specifically target a handful of companies and make it harder to develop new products to support small businesses in Europe," said Karan Bhatia, vice president of government affairs and public policy at Google.

Taken together, it's likely that Big Tech will fight harder to stave off the most aggressive proposals in the DMA while smaller companies will spend more time on the Digital Services Act.

The Digital Services Act applies far more broadly than Digital Markets Act.

While the DMA is tailored specifically to "gatekeeper" companies, the Digital Services Act would apply to a much wider range of companies: "online intermediary services."

According to the European Commission, the DSA will apply in various ways to intermediary services offering network infrastructure, hosting services such as cloud services, smaller online platforms and the largest online platforms.

The proposal, which is aimed at improving mechanisms for the removal of illegal content, was written to create different requirements for different kinds of companies; for instance, a cloud company would have fewer obligations than a social media platform when it comes to handling content.

All of the companies will be required to provide much more transparency around what kinds of content they remove and why, one of the less controversial asks. They will have to come up with effective mechanisms for users to flag illegal content and will likely be required to allow users to challenge content moderation decisions. If they violate any of the new rules, they could face fines up to 6% of global revenues, a hefty sum.

Beyond that, the largest online platforms could have to submit to external risk auditing and give researchers access to key data.

Tech-funded organizations are already raising concerns about some elements of how the DSA applies to platforms. Iverna McGowan, director of the Center for Democracy & Technology's Europe office, said there's some concern that the draft regulation could expose platforms to more liability for their content moderation decisions and disincentivize them from moderating harmful speech. "We fear that the draft regulation reflects fundamental inconsistencies which would risk undemocratic and discriminatory results," she said, pledging to work with the commission, parliament and council to "address these serious concerns before the proposal proceeds."

The rules could set the stage for global regulations just like GDPR.

Just as GDPR, the EU's far-reaching privacy framework, set the tone for global regulations after it was adopted in 2016, the EU's twin proposals will likely also become the standard that other legislative efforts are held against moving forward.

The U.S. is light-years behind the EU in regulation, and any legislation to emerge from Congress on content moderation or antitrust would be much less aggressive. But the EU's efforts will likely offer some helpful frameworks for U.S. policymakers, particularly its emphasis on "asymmetrical" rules, which apply differently to companies according to their size.

"The Digital Markets Act's emphasis on targeted, digital platform-specific regulations and clear rules of the road can be a model for U.S. policymakers," said Alex Petros, policy counsel at digital rights group Public Knowledge.

Elements of GDPR play a central role in negotiations around a federal privacy bill today, and experts predict there could be a similar effect with the DMA and DSA.

"This seems to be a continuation of … the EU using legislation to become a worldwide leader in tech regulation," said Christoph Schmon, the Electronic Frontier Foundation's international policy director.

Companies have to assess how the rules apply to them.

The new proposals will apply to all tech companies that offer their services in the EU, sweeping up a broad swath of U.S. firms beyond just Facebook and Google. Companies will be expected to decide how the rules apply to them on their own, turning to internal compliance and legal teams, with Brussels stepping in if they think businesses are not identifying themselves correctly. It's likely that many companies will try to avoid being included, particularly in the "gatekeeper" designation.

When it came to GDPR, some companies, like Facebook, created EU-specific privacy processes while others, like Microsoft, decided to change their protocols globally, exporting GDPR-like privacy protections to every country they operate in.

The DMA and DSA will likely set off a similar process as global firms decide whether they can afford to behave differently in the EU than they do in other countries.

There's some fear that the laws will disincentivize smaller companies from offering their services in the EU if the obligations turn out to be too costly, Schmon said. For instance, one provision of the Digital Services Act will require service providers to appoint a legal representative in the EU, a potentially burdensome requirement.

"We hope the future negotiations will seek to make the EU a leader in digital innovation, not just in digital regulation," said Christian Borggreen, the vice president for CCIA Europe, a tech trade group representing Google, Facebook and Amazon.

It's unlikely that most companies will make any sudden moves. Instead, the next chapter in this saga is likely to be defined by herculean lobbying efforts by companies big and small as they seek to influence the end result.

Fintech

Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep Reading Show less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep Reading Show less
FTA
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.
Enterprise

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep Reading Show less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.

Enterprise

Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep Reading Show less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories
Bulletins