yesEmily BirnbaumNone
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

Politics

Five things US companies need to know about the new EU rules

It's going to be a long fight.

Five things US companies need to know about the new EU rules

"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar.

Photo: Alexandros Michailidis/Getty Images

The European Union on Tuesday proposed a sweeping set of rules to rein in the power of Big Tech, amounting to the most aggressive legislative effort against the industry to date.

The Digital Services Act will require online intermediaries to act more swiftly against illegal content and provide users with more transparency around takedowns. The Digital Markets Act will restrict large companies, labeled "gatekeepers," from engaging in a set of anticompetitive behaviors, including self-preferencing.

"The two proposals serve one purpose: to make sure that we, as users, have access to a wide choice of safe products and services online," said Margrethe Vestager, executive vice president of the European Commission and the EU's digital czar. "This is one world … what is illegal offline is equally illegal online."

The proposals will likely send shockwaves through the global tech industry as companies seek to understand how they will be affected and whether they could run afoul of the rules.

Here's a list of five things U.S. companies should know about this fast-moving effort.

It could be years until these rules take effect.

Tuesday's announcement will kick off years of impassioned negotiations as policymakers and lobbyists work out the contours of the proposals, which are far from becoming law.

The EU took four years to debate the General Data Protection Regulation, and this process is likely to look similar, though it will pull in a smaller array of players because it targets tech specifically.

The European Council, which represents all 27 governments in the bloc, and the European Parliament must approve the pair of proposals before they become law.

Tech intends to fight hard.

Tech companies including Google, Facebook and Twitter have made it clear that they intend to fight hard to sway the direction of the rules. "We look forward to reviewing today's proposals in full, and continued collaboration with the EU Commission, industry and civil society in the coming weeks and months ahead," Twitter said.

Google, Facebook, Amazon, Apple and Microsoft spent about $23 million on lobbying in the EU in the first half of 2019, according to Transparency International, a group that monitors lobbying in the bloc. Their efforts are only set to intensify as they seek to influence all 27 member-nations during the consultation period.

Companies are largely in favor of harmonizing rules across the EU, which will make it easier for them to navigate what they should and shouldn't do. But the proposals as written would subject the companies to potentially enormous fines and even breakups as a "nuclear option," in Vestager's words, a daunting prospect that they're certain to fight.

The Digital Markets Act in particular gets right at the heart of Big Tech's business models with a set of sweeping do's and don'ts. Under the DMA, the EU could force companies to open up their platforms in ways that they never have before, requiring firms to allow third parties to interoperate with their services and give users data about advertising and sales. For example, the proposal could force Amazon to share far more information with its sellers or require Facebook to provide extensive information on how its advertising is working.

It would also create a harsh set of don'ts. Under the DMA, companies like Google and Amazon could not give preference to their own services in search results, and Apple could not block users from removing preinstalled apps.

"While we will review the Commission's proposals carefully over the coming days, we are concerned that they appear to specifically target a handful of companies and make it harder to develop new products to support small businesses in Europe," said Karan Bhatia, vice president of government affairs and public policy at Google.

Taken together, it's likely that Big Tech will fight harder to stave off the most aggressive proposals in the DMA while smaller companies will spend more time on the Digital Services Act.

The Digital Services Act applies far more broadly than Digital Markets Act.

While the DMA is tailored specifically to "gatekeeper" companies, the Digital Services Act would apply to a much wider range of companies: "online intermediary services."

According to the European Commission, the DSA will apply in various ways to intermediary services offering network infrastructure, hosting services such as cloud services, smaller online platforms and the largest online platforms.

The proposal, which is aimed at improving mechanisms for the removal of illegal content, was written to create different requirements for different kinds of companies; for instance, a cloud company would have fewer obligations than a social media platform when it comes to handling content.

All of the companies will be required to provide much more transparency around what kinds of content they remove and why, one of the less controversial asks. They will have to come up with effective mechanisms for users to flag illegal content and will likely be required to allow users to challenge content moderation decisions. If they violate any of the new rules, they could face fines up to 6% of global revenues, a hefty sum.

Beyond that, the largest online platforms could have to submit to external risk auditing and give researchers access to key data.

Tech-funded organizations are already raising concerns about some elements of how the DSA applies to platforms. Iverna McGowan, director of the Center for Democracy & Technology's Europe office, said there's some concern that the draft regulation could expose platforms to more liability for their content moderation decisions and disincentivize them from moderating harmful speech. "We fear that the draft regulation reflects fundamental inconsistencies which would risk undemocratic and discriminatory results," she said, pledging to work with the commission, parliament and council to "address these serious concerns before the proposal proceeds."

The rules could set the stage for global regulations just like GDPR.

Just as GDPR, the EU's far-reaching privacy framework, set the tone for global regulations after it was adopted in 2016, the EU's twin proposals will likely also become the standard that other legislative efforts are held against moving forward.

The U.S. is light-years behind the EU in regulation, and any legislation to emerge from Congress on content moderation or antitrust would be much less aggressive. But the EU's efforts will likely offer some helpful frameworks for U.S. policymakers, particularly its emphasis on "asymmetrical" rules, which apply differently to companies according to their size.

"The Digital Markets Act's emphasis on targeted, digital platform-specific regulations and clear rules of the road can be a model for U.S. policymakers," said Alex Petros, policy counsel at digital rights group Public Knowledge.

Elements of GDPR play a central role in negotiations around a federal privacy bill today, and experts predict there could be a similar effect with the DMA and DSA.

"This seems to be a continuation of … the EU using legislation to become a worldwide leader in tech regulation," said Christoph Schmon, the Electronic Frontier Foundation's international policy director.

Companies have to assess how the rules apply to them.

The new proposals will apply to all tech companies that offer their services in the EU, sweeping up a broad swath of U.S. firms beyond just Facebook and Google. Companies will be expected to decide how the rules apply to them on their own, turning to internal compliance and legal teams, with Brussels stepping in if they think businesses are not identifying themselves correctly. It's likely that many companies will try to avoid being included, particularly in the "gatekeeper" designation.

When it came to GDPR, some companies, like Facebook, created EU-specific privacy processes while others, like Microsoft, decided to change their protocols globally, exporting GDPR-like privacy protections to every country they operate in.

The DMA and DSA will likely set off a similar process as global firms decide whether they can afford to behave differently in the EU than they do in other countries.

There's some fear that the laws will disincentivize smaller companies from offering their services in the EU if the obligations turn out to be too costly, Schmon said. For instance, one provision of the Digital Services Act will require service providers to appoint a legal representative in the EU, a potentially burdensome requirement.

"We hope the future negotiations will seek to make the EU a leader in digital innovation, not just in digital regulation," said Christian Borggreen, the vice president for CCIA Europe, a tech trade group representing Google, Facebook and Amazon.

It's unlikely that most companies will make any sudden moves. Instead, the next chapter in this saga is likely to be defined by herculean lobbying efforts by companies big and small as they seek to influence the end result.

Politics

What tech policy could look like in Biden’s first 100 days

More antitrust laws and bridging the digital divide should be top of mind for the incoming administration.

Antitrust enforcement is one of the big lessons going into the Biden administration.
Photo: Alex Edelman/Getty Images

Although it is too soon to tell with certainty how President-elect Joe Biden will address the questions surrounding tech policy, it is clear that his inaugural transition on Wednesday will affect the world of tech.

Protocol reporters Issie Lapowsky and Emily Birnbaum, virtually met up with panelists Tuesday to discuss what tech policy and regulation could look like in Biden's first 100 days in office — as well as the next four years.

Keep Reading Show less
Penelope Blackwell
Penelope Blackwell is a reporting fellow at Protocol covering ed-tech, where she reports on the decisions leading up toward the advances of remote learning. Previously, she interned at The Baltimore Sun covering emerging news and produced content for Carnegie-Knight’s News21 documenting hate and bias incidents in the U.S. She is also a recent graduate of Columbia University’s Graduate School of Journalism and Morgan State University.
Politics

The DOJ sues Google for monopoly practices — and says there’s more to come

Google's response: 'People use Google because they choose to – not because they're forced to or because they can't find alternatives.'

The DOJ's case revolves around some of Google's antitrust weak spots, including the exclusive, billion-dollar agreements that require mobile-phone manufacturers to keep Google as their default search engine.

Photo: Future Publishing/Getty Images

The Department of Justice sued Google for antitrust violations on Tuesday, setting off what is likely to be a yearslong battle that will indelibly shape the future of the tech industry.

The case, which was filed in federal court in Washington, marks the most aggressive action by the U.S. government against a tech company in decades. The DOJ accuses Google of leveraging its dominant position in search and search-advertising to elbow out rivals and disadvantage competitors.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

Power

Companies are 'scrambling' after an EU court kills the EU-US Privacy Shield

More than 5,000 companies rely on the shield. Now they have some work to do.

A complaint filed by Austrian data protection activist Max Schrems led a top EU court to strike down the EU-US Privacy Shield.

Photo: Alex Halada/AFP via Getty Images

Tech companies across the U.S. are scrambling to figure out how they can remain in compliance with international privacy laws after Europe's highest court struck down the EU-US Privacy Shield.

In a win for privacy activists, the Court of Justice of the European Union invalidated the Privacy Shield on Thursday, saying the framework does not adequately protect European users from the U.S. government's far-reaching surveillance laws. The decision will force the 5,384 companies that currently rely on the EU-US Privacy Shield to recalibrate their privacy policies, particularly when it comes to how and why they collect data on EU users.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

People

A wall of silence holding back racial progress in tech: NDAs

Tech employees who spoke to Protocol said they experienced racism and discrimination in the workplace but can't speak out for fear of retribution from their employers.

Many people of color who work in the tech industry find themselves unable to speak out about instances of racial discrimination because they are bound by stringent NDAs.

Image: Markus Spiske/Kristina Flour/Protocol

Earlier this month, Pariss Athena appeared on a podcast to discuss her experiences as a Black woman in web development. During the wide-ranging conversation, she mentioned that she had experienced racism while interning at a large tech company in 2017.

Almost immediately after the podcast was published, Athena asked the host to take it down. She'd forgotten she was under a nondisclosure agreement, or NDA, with the company she interned with and feared she could face legal retribution.

Keep Reading Show less
Emily Birnbaum

Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.

Latest Stories