Source Code: Your daily look at what matters in tech.

yesEmily BirnbaumNone
×

Get access to Protocol

Will be used in accordance with our Privacy Policy

I’m already a subscriber
Politics

Five things US companies need to know about the new EU rules

It's going to be a long fight.

Five things US companies need to know about the new EU rules

"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar.

Photo: Alexandros Michailidis/Getty Images

The European Union on Tuesday proposed a sweeping set of rules to rein in the power of Big Tech, amounting to the most aggressive legislative effort against the industry to date.

The Digital Services Act will require online intermediaries to act more swiftly against illegal content and provide users with more transparency around takedowns. The Digital Markets Act will restrict large companies, labeled "gatekeepers," from engaging in a set of anticompetitive behaviors, including self-preferencing.

"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar. "This is one world … what is illegal offline is equally illegal online."

The proposals will likely send shockwaves through the global tech industry as companies seek to understand how they will be affected and whether they could run afoul of the rules.

Here's a list of five things U.S. companies should know about this fast-moving effort.

It could be years until these rules take effect.

Tuesday's announcement will kick off years of impassioned negotiations as policymakers and lobbyists work out the contours of the proposals, which are far from becoming law.

The EU took four years to debate the General Data Protection Regulation, and this process is likely to look similar, though it will pull in a smaller array of players because it targets tech specifically.

The European Council, which represents all 27 governments in the bloc, and the European Parliament must approve the pair of proposals before they become law.

Tech intends to fight hard.

Tech companies including Google, Facebook and Twitter have made it clear that they intend to fight hard to sway the direction of the rules. "We look forward to reviewing today's proposals in full, and continued collaboration with the EU Commission, industry and civil society in the coming weeks and months ahead," Twitter said.

Google, Facebook, Amazon, Apple and Microsoft spent about $23 million on lobbying in the EU in the first half of 2019, according to Transparency International, a group that monitors lobbying in the bloc. Their efforts are only set to intensify as they seek to influence all 27 member-nations during the consultation period.

Companies are largely in favor of harmonizing rules across the EU, which will make it easier for them to navigate what they should and shouldn't do. But the proposals as written would subject the companies to potentially enormous fines and even breakups as a "nuclear option," in Vestager's words, a daunting prospect that they're certain to fight.

The Digital Markets Act in particular gets right at the heart of Big Tech's business models with a set of sweeping do's and don'ts. Under the DMA, the EU could force companies to open up their platforms in ways that they never have before, requiring firms to allow third parties to interoperate with their services and give users data about advertising and sales. For example, the proposal could force Amazon to share far more information with its sellers or require Facebook to provide extensive information on how its advertising is working.

It would also create a harsh set of don'ts. Under the DMA, companies like Google and Amazon could not give preference to their own services in search results, and Apple could not block users from removing preinstalled apps.

"While we will review the Commission's proposals carefully over the coming days, we are concerned that they appear to specifically target a handful of companies and make it harder to develop new products to support small businesses in Europe," said Karan Bhatia, vice president of government affairs and public policy at Google.

Taken together, it's likely that Big Tech will fight harder to stave off the most aggressive proposals in the DMA while smaller companies will spend more time on the Digital Services Act.

The Digital Services Act applies far more broadly than Digital Markets Act.

While the DMA is tailored specifically to "gatekeeper" companies, the Digital Services Act would apply to a much wider range of companies: "online intermediary services."

According to the European Commission, the DSA will apply in various ways to intermediary services offering network infrastructure, hosting services such as cloud services, smaller online platforms and the largest online platforms.

The proposal, which is aimed at improving mechanisms for the removal of illegal content, was written to create different requirements for different kinds of companies; for instance, a cloud company would have fewer obligations than a social media platform when it comes to handling content.

All of the companies will be required to provide much more transparency around what kinds of content they remove and why, one of the less controversial asks. They will have to come up with effective mechanisms for users to flag illegal content and will likely be required to allow users to challenge content moderation decisions. If they violate any of the new rules, they could face fines up to 6% of global revenues, a hefty sum.

Beyond that, the largest online platforms could have to submit to external risk auditing and give researchers access to key data.

Tech-funded organizations are already raising concerns about some elements of how the DSA applies to platforms. Iverna McGowan, director of the Center for Democracy & Technology's Europe office, said there's some concern that the draft regulation could expose platforms to more liability for their content moderation decisions and disincentivize them from moderating harmful speech. "We fear that the draft regulation reflects fundamental inconsistencies which would risk undemocratic and discriminatory results," she said, pledging to work with the commission, parliament and council to "address these serious concerns before the proposal proceeds."

The rules could set the stage for global regulations just like GDPR.

Just as GDPR, the EU's far-reaching privacy framework, set the tone for global regulations after it was adopted in 2016, the EU's twin proposals will likely also become the standard that other legislative efforts are held against moving forward.

The U.S. is light-years behind the EU in regulation, and any legislation to emerge from Congress on content moderation or antitrust would be much less aggressive. But the EU's efforts will likely offer some helpful frameworks for U.S. policymakers, particularly its emphasis on "asymmetrical" rules, which apply differently to companies according to their size.

"The Digital Markets Act's emphasis on targeted, digital platform-specific regulations and clear rules of the road can be a model for U.S. policymakers," said Alex Petros, policy counsel at digital rights group Public Knowledge.

Elements of GDPR play a central role in negotiations around a federal privacy bill today, and experts predict there could be a similar effect with the DMA and DSA.

"This seems to be a continuation of … the EU using legislation to become a worldwide leader in tech regulation," said Christoph Schmon, the Electronic Frontier Foundation's international policy director.

Companies have to assess how the rules apply to them.

The new proposals will apply to all tech companies that offer their services in the EU, sweeping up a broad swath of U.S. firms beyond just Facebook and Google. Companies will be expected to decide how the rules apply to them on their own, turning to internal compliance and legal teams, with Brussels stepping in if they think businesses are not identifying themselves correctly. It's likely that many companies will try to avoid being included, particularly in the "gatekeeper" designation.

When it came to GDPR, some companies, like Facebook, created EU-specific privacy processes while others, like Microsoft, decided to change their protocols globally, exporting GDPR-like privacy protections to every country they operate in.

The DMA and DSA will likely set off a similar process as global firms decide whether they can afford to behave differently in the EU than they do in other countries.

There's some fear that the laws will disincentivize smaller companies from offering their services in the EU if the obligations turn out to be too costly, Schmon said. For instance, one provision of the Digital Services Act will require service providers to appoint a legal representative in the EU, a potentially burdensome requirement.

"We hope the future negotiations will seek to make the EU a leader in digital innovation, not just in digital regulation," said Christian Borggreen, the vice president for CCIA Europe, a tech trade group representing Google, Facebook and Amazon.

It's unlikely that most companies will make any sudden moves. Instead, the next chapter in this saga is likely to be defined by herculean lobbying efforts by companies big and small as they seek to influence the end result.

Latest Stories