Bad Reporting of EU Tech Policy and Regulation in the Media: How to Recognise it and How to Get the Real Picture

While there can be no doubt that EU tech policy cannot be considered the sexiest topic on the planet, it is nevertheless covered very frequently in the media. In the era of privacy leaks, government surveillance, AI and streaming, to name but a few, it is also very relevant. It is not surprising, therefore, that reputable newspapers often cover real and imagined EU activities with vigour. A careful reader would, however, find that articles written by experienced journalists often carry sensationalist titles. Even more surprisingly, such a reader would have difficulties confirming the article’s claims on EU’s own portals. The reporting is often incoherent, confuses different policy areas and rarely quotes original sources or points the reader in the wrong direction. This was particularly obvious in the recent wave of coverage of global platforms such as Google and Facebook. Here are some of the examples:

On March 14, 2018, Reuters carried a story with a bombastic title: “Google, Apple face EU law on business practices”. The article claims that the EU is “drafting a new regulation”, that this regulation will be “specifically targeting online platforms” and that it will ask companies to be more transparent on how they rank search results. The same story was subsequently carried, almost verbatim, by a number of newspapers and online portals, including the Financial Times, the EU Bulletin and Business Review. Anybody being even vaguely familiar with the EU’s Digital Single Market project would be surprised at such statements. This is more so since the Commission’s own 2016 Communication on Platforms states that no new directive or regulation on platforms is forthcoming nor does it list search engine ranking algorithms as being under scrutiny. While the Commission is not organised in the way it presents its activities, it rarely acts without proper announcement.

What is the origin of the story, then? The mystery is not very deep. A careful reader would notice that a new EU package on consumer law appeared on April 11. Part of that package is a proposed Directive updating a bunch of EU consumer laws (informed, among other things by a behavioural study on transparency in online platforms), including the 2005 Unfair Commercial Practices Directive. Suggested as one of the changes is the new Article 6a, applying to online marketplaces. It says that “the main parameters determining ranking of offers presented to the consumer as result of his search query on the online marketplace” must be disclosed to consumers or the practice would be considered an unfair one. More interesting, however, is the Commission’s work on fairness in platforms-to-business relations. As part of the 2015 Strategy’s promise to look at platforms, the Commission promised to look at transparency of trading practices of online platforms. The inception impact assessment, published in late 2017, looks at three legislative options: soft law, targeted EU instrument coupled with industry-led action or detailed EU principles. Whoever wrote the original Reuters article would have seen the work on the consumer package and/or seen the transparency document on fairness in platform-to-business relations and may have also seen a draft document as an outcome of one of the three options. They then constructed the story which, while containing elements of truth, is still considerably off the mark. It is also worth noting that even modestly controversial EU proposals get significantly modified and are occasionally withdrawn where the Council and the Parliament cannot reach an agreement. What will happen, at best, is that a proposal will be tabled and discussed at length.

Another article appeared in Financial Times on April 17. It claimed that EU is “to give judges power to seize terror suspect emails and texts”. It begins with the familiar “Brussels is planning” words and goes on to say that judges will get “the power to seize emails and text messages of terror suspects” and that the Commission “will propose giving national judges the extraterritorial power to order companies to hand over ‘e-evidence’ held in servers in another EU country or outside of the bloc.” While this sounds both dramatic and controversial, readers would be hard pressed to understand which regulatory platform this proposal falls under, which DGs might be involved, where to find the policy document, how to follow the developments or how this proposal fits in the broader Digital Single Market Strategy. A much more coherent (albeit shorter) account of the affair is to be found on Politico’s website. There, it is clarified that the proposal is part of the Commission’s drive to improve taking of e-evidence and outlines its main features as well as differences from the current regime. Crucially, the article identifies that this is part of the effort to achieve a “common judicial area” and that it only applies to serous crime. A casual look at the Commission’s website on taking cross-border evidence would reveal that this is indeed part of an ongoing effort in cross-border judicial cooperation, that “European Investigation Order” is already in force and that work continues on the “European Production Order”. While the FT article is not entirely wrong in its reporting, the value it adds to the debate is minimal.

Similar stories are to be found all over the Internet. It is usually easy to recognise them as they are rarely specific and are usually framed in the clichéd “Brussels plans” or “EU threatens” style. How is the reader to find out what is really behind the story?

The first step is to identify the area the tech policy belongs to. Very roughly, three regulatory circles exist in the EU’s Digital Single Market effort. Information society services are regulated under the e-commerce framework (here also including copyright, privacy, speech regulation, etc.) Telecoms regulatory framework covers telecoms networks and services. Finally, media under editorial control are subject to Audio-Video Media Services Directive (AVSMD). The circles, although distinct, overlap. Privacy, for example, is subject both to e-commerce rules (GDPR) and telecoms rules (ePrivacy regulation) which means that a full picture can only be obtained by looking at both.

The second step is to identify the general EU policy in the area in question. The 2015 Digital Single Market Strategy should always be consulted as should any other statements that further clarify the political EU position of a particular issue. For platforms, for example, there exists the Communication (mentioned above), but also the 2017 Communication and the 2018 Recommendation on Illegal Content online. The formation of a potential proposal is always followed by various studies the Commission publishes (usually outsourced to think tanks) as well as stakeholder consultations, speeches and announcements on web sites. The platform law above, for instance, is preceded by the already-mentioned inception study and the behavioural study on transparency.

The third step is to check whether any policy ideas identified in steps 1 and 2 have been transformed into legislative proposals. Privacy, consumer protection, cybersecurity, copyright, telecoms, AVMS services and e-commerce all have their own websites (sometimes multiple ones at different institutions). These not only summarise present laws but explain policies and plans for future regulation. Further to that, stakeholders are often engaged in commenting on relevant proposals, both officially (as part of the Commission’s fact-finding exercise) and in their own reports, blogs, etc. Such documents are invaluable for gauging public and professional opinion. The final step would be to confirm that proposals are about to become laws. Existing proposals can be traced through the Legislative Observatory.

While the above may seem banal, it is rarely followed, which results in confusing and messy reporting. Although it may sometimes seem that proposals come “out of the blue”, this is in reality almost never the case as significant preparatory work is needed and the Commission launches initiatives based on plans announced in strategy documents. In other words, the Commission maintains a certain degree of transparency for political and budgetary reasons and has no political mandate to randomly tackle issues not otherwise announced as part of a wider political agenda. In such circumstances, it becomes very important to place the news in their proper context.

Advertisements

The EU Reform of Consumer Law: A Quick Overview of the “New Deal”

After promising a comprehensive revision of consumer law in September 2017, and in light of the fitness check published in May 2017, on 11 April 2018 the Commission published the New Deal for Consumers. In justifying the need for the reform, the Commission states that, while the current substantive rules are “fit for purpose, their effectiveness is hindered by lack of awareness and by insufficient enforcement and consumer redress opportunities.“ The new package is mainly designed to stop and deter infringements (more effective prevention) and ensure redress when needed (better enforcement).

The present EU consumer law framework consists of a patchwork of rules dating to different periods. It has largely not been touched since the 2011 Consumer Rights Directive had been adopted.1 While this framework functions relatively well,2 it has not been subject to serious updates for eight years. In the meantime, new challenges have arisen, including an unprecedented rise in online sales, digitization of the society and more aggressive profiling and tracking. The New Deal brings the framework in line with the new digital reality.

The reform consists in a Communication and two proposals for Directives:

  • Communication on A New Deal for Consumers. This document simply summarises the status quo, states the objectives and explains what each of the two directives do.
  • Proposal for a Directive on representative actions for the protection of the collective interests of consumers. This directive introduces a collective redress right in cases where groups of consumers have suffered harm. Consumer organisations would, under this proposal, be able to demand redress.
  • Proposal for a Directive on better enforcement and modernisation of EU consumer protection rules. This proposal aims to modernise consumer law, in particular enforcement. It does so by modifying the 1993 Unfair Terms, the 1998 Consumer Protection, the 2005 Unfair Practices and the 2011 Consumers Rights directives.

The changes that the proposed directives bring can be summarised as follows:

  1. In terms of the new collective redress: Qualified entities will be able to commence actions representing consumers’ collective interests. The proposed Directive is not a full harmonisation, leaving Member States the opportunity to introduce other collective remedies. The Directive would apply to infringements of EU law involving consumers’ collective interests and listed in the Annex. Collective interests are defined simply as those affecting multiple consumers (e.g mass recalls, delays, faults, etc.) The Directive does not change Member States’ laws regarding other available actions, nor does it affect private international law issues (other than to make class actions possible). Qualified entities are to be designated by Member States.
  2. 2005 Unfair Commercial Practices Directive: a new right to individual remedies for consumers is introduced in Article 11a and the rules on penalties have been strengthened. While the 2005 Directive prohibited a number of practices, it did not introduce specific redress, leaving this issues to the Member States. This is changed in the new proposal. As for penalties, a list of common, non-exhaustive criteria for assessing the gravity of infringements is introduced in Article 13 of the Directive. Particularly significant, however, for ‘widespread infringements’ and ‘widespread infringements with a Union dimension’, Member States will be required to introduce law fines for the maximum amount of at least 4% of the trader’s turnover. In terms of paid placements and paid inclusion, the proposal asks that search results in response to the consumer’s online search query also be included as unfair commercial practice when such paid inclusion is not declared.
  3. 2011 Consumer Rights Directive: the proposal has a number of important additions. It brings the Directive in line with the ‘digital content’ and ‘digital services’ as defined in the proposed Digital Content Directive. A new Article 6a provides specific additional pre- contractual information requirements for contracts concluded on online marketplaces (including ranking parameters, whether the party is a trader, consumer rights arising, etc.), thus increasing consumer transparency in online marketplaces. The proposal also amends the Directive in terms of a number of other issues between traders and consumers, effectively removing unnecessary burden from businesses.
  4. 1993 Unfair Contract Terms: a new article on penalties in inserted.
  5. 1998 Price Indication Directive: article on penalties is amended.

While it is difficult to give a comprehensive assessment of the changes at this early stage, it seems that the new provisions on collective redress and significantly increased fines would have an immediate effect. EU consumer laws are already among the most robust in the world and this reform would both update them and strengthen them.3 On the other hand, it also seems clear that more frequent and increasingly invasive privacy incursions, coupled with ever more subtle modes of tracking consumers and influencing their behaviour, warrant new approaches. It is, therefore, questionable to what extent the EU framework is capable of answering these challenges.

  1. The 1993 Unfair Contract Terms Directive, the 2005 Unfair Commercial Practices Directive and the 2011 Consumer Rights Directive are the key laws.
  2. In that no open calls for its thorough reform have been heard.
  3. This is in addition to new privacy rules, coming into effect in May 2018.

Rule by Decree Part II: How the Commission Undermines Rule of Law by Attempting to Regulate Online Content by Issuing Edicts

In its most simple form, the rule of law can be defined as a way of restricting arbitrary power by subjecting everyone to democratically passed and fairly applied and enforced laws. Such laws are subject to proper procedure and judicial oversight. Rule by Decree, on the contrary, is represented by quick and unaccountable creation by laws favoured by despots.

In March 2017, I have commented on this blog, on the Commission’s attempt to regulate large platforms such as Facebook, Google and others by politely asking them to take action in the field of unfair contracts terms and removing fraud & scams. I have commented at that point that, rather than giving the Commission ex ante enforcement powers, the Treaty only gives it the right to propose laws and to occasionally partake in oversight of the ones that already exist. Where such laws do not exist, because the proper agreement lacks, they cannot and should not be replaced by letters demanding action from individual corporations.

In September 2017, the Commission extended its ambition to regulate platforms by proposing to monitor illegal content on online platforms. In that dubious document, the Commission asserted that “what is illegal offline is also illegal online” and demanded that “platforms” step up the fight against illegal content online. In summary, the document demanded that platform do more to tackle illegal content and take “proactive measures” to detect and remove such content. The Commission kept repeating that the proposed demands do not conflict with the limitations of ISP liability of Articles 12-15 of the E-Commerce Directive but did little to explain how this conflict could be resolved in practice.1 Further to that, different kinds of “illegal” content were all bundled under one title thus putting such issues as child pornography, hate speech, terrorism, commercial fraud and copyright infringement all under one hat. Already at that point, the Commission had been warned that its position is contradictory and dangerous for free speech.

Good laws cannot be replaced by decrees.

Having learned little from the criticism, the Commission marched on and issued a set of operational measures (in the form of Recommendation) leaning on the September 2017 Communication and targeting “companies and Member States” and threatening legislation if these fail to be effective. In it, the Commission calls for

  • Clearer ‘notice and action’ procedures
  • More efficient tools and proactive technologies
  • Stronger safeguards to ensure fundamental rights, in particular when automated tools are used for removal
  • Special attention to small companies
  • Closer cooperation with authorities

Special rules are introduced for “terrorist” content online and this inlcudes

  • the obligation to remove such content within an hour of referral
  • faster detection and removal
  • better referral
  • regular reporting to the Commission, in particular about referrals

While the criticism concerning the September 2017 communication still stands, new concerns have to be added. They can be summarised as follows:

  1. The Guidelines lack effective safeguards against abuse. Points 1.11 and 1.12 require only that content providers be given the right to contest the decision “within a reasonable time period“ and through a “user-friendly” mechanism. Point 18 encourages “proportionate and specific proactive measures” in tackling illegal content in particular by automated means. Points 19 and 20 call for “effective and appropriate safeguards” but, essentially, leave this issue to Member States, further increasing disparity between them and fostering confusion. Point 21 unhelpfully and vaguely calls for protection against abuse without being specific on what this protection might constitute in.
  2. The Guidelines are in direct conflict with Article 15 of the E-Commerce Directive. That article explicitly states that Member States shall not impose a general obligation to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity. While it is perfectly possible and allowed, in a civil and democratic society, to repeal this article, this has not happened yet.
  3. The Guidelines bundle different kinds of illegal content. Illegal content is defined in point 1.4.b as “any information which is not in compliance with Union law or the law of a Member State concerned”. The definition is unacceptably wide. Furthermore, it conflates content which is illegal at EU level (because of harmonisation efforts) with material that is illegal only in some states which, in turn, also brings subsidiarity into play (for, why would Member States transfer issues concerning locally-illegal content onto EU). Further to that, copyright, hate speech, child pornography and terrorist content require vastly different monitoring and enforcement tools. It makes no sense to treat them as one.
  4. Finally, and most importantly, good laws cannot be replaced by decrees. The Commission understands all too well that an effort to pass legislation on hate speech alone (never mind anything else covered by the Recommendation) would require lengthy public consultations, acrimonious disputes between stakeholders and endless negotiations as texts progress through various committees in the effort to find a compromise between the Parliament and the Council. Whereas soft law is a legitimate and useful governance tool, it is defined by its non-binding character.2 A recommendation that threatens legislation unless it reaches its desired effect is not soft law, it is a decree. We should remind the Commission that the reason why EU Internet laws have been a success3 is precisely because democratic procedures have been respected. It may be tempting to make shortcuts but this undermines the legitimacy of EU institutions and will ultimately do little to combat illegal content.
  1. In fact, it got into trouble for exactly the same reasons with another badly-formulated proposal – Copyright in the Digital Single Market.
  2. As evidenced, among others, in Article 288 TFEU.
  3. The E-Commerce and InfoSoc directives have lasted over 17 years while the Data Protection Directive is over 20 years old.

A Short Explanation of the Uber Judgment: How to Regulate “Composite” Services

On December 20, the CJEU delivered its long-anticipated judgment in the Uber case. This follows the application, submitted on 16 October 2015, and Advocate General Szpunar’s opinion delivered on 11 May 2017. The anticipation which surrounds the case arises from the potential it may have on disruptive business models that rely on electronic commerce.

The dispute arises from an action before Spanish courts by a Barcelona taxi association seeking a declaration that Uber Spain violates Spanish competition laws. In order to answer that question, it was necessary to determine whether Uber needed prior administrative authorisation which, in turn, required that it be determined whether Uber services were transport services, information society services or a combination of both. It is the latter question that got referred to CJEU. If Uber is an information society service (which was Uber’s argument in the main proceedings), it would not require authorisation. If, on the other hand, it is a transport service (the taxi association’s argument), it would be subject to the same authorisation as regular taxi associations.

Both the AG’s Opinion and the judgment take the view that services which Uber provides are a combination of transport and electronic commerce, and the bulk of the subsequent analysis concentrates on determining how that affects Uber’s services.

Advocate General Szpunar points out in his opinion (paragraph 64) that “within the context of this service, it is undoubtedly the supply of transport which is the main supply and which gives the service economic meaning”. Furthermore, he says that the connection part of the service is merely preparatory and meant to enable the transport part (p. 65). Crucially, since it is “neither self-standing, nor the main supply, in relation to the supply of transport”, it cannot be considered to be an information society service (ISS), within the meaning of the E-Commerce Directive. Paragraph 87 of the Opinion suggests that E-Commerce Directive is explicit in only covering information society service activities while not suggesting that a classification of an activity as being an ISS can, in and of itself, render other parts of the service meaningless. The Directive, in other words, says nothing about whether transport or any other laws also apply to the service. The central issue, the AG suggests, is whether the provider of the service exerts control over the key conditions governing the supply of transport. Where this is not the case, there may be talk of a service being an ISS. But, where this is the case, the connection part of the service does not turn a transport service into an ISS one. In AG’s view, the e-commerce component cannot stamp its spirit on the non-electronic part it depends on.

The Court’s final judgment follows the spirit of AG Szpunar’s opinion, although it uses a somewhat different reasoning. It notes (paragraph 32) that transport and intermediation are different services:

In that regard, it should be noted that an intermediation service consisting of connecting a non-professional driver using his or her own vehicle with a person who wishes to make an urban journey is, in principle, a separate service from a transport service consisting of the physical act of moving persons or goods from one place to another by means of a vehicle. It should be added that each of those services, taken separately, can be linked to different directives or provisions of the FEU Treaty on the freedom to provide services, as contemplated by the referring court. (emphasis added)

The Court is essentially saying that two components of a service may each be subject to different rules. While intermediation is an ISS, “non-public urban transport” is a transport service. Having that in mind, however, the Court concludes (p. 40) that “intermediation service must thus be regarded as forming an integral part of an overall service whose main component is a transport service and, accordingly, must be classified not as ‘an information society service”. The intermediation service too is a service in the field of transport. Similar to AG, the Court thinks that it is the dominant transport component which subsumes the electronic intermediation component.

Although the Court does not spell it out, the main criterion must be the separability of the two services. This is also apparent in the Court’s press release on the judgment, which concentrates on whether the services are “inherently linked”. In the Court view, services which are not inherently linked may be treated separately. If services are inherently linked, i.e. it is not possible for them to be supplied separately, it is necessary to look for the economically dominant one. In Uber’s case, the whole point of the service is for the electronic connection to facilitate the ultimate goal – transport. The electronic component would be meaningless on its own. This echoes paragraph 31 of AG’s opinion:

It would be pointless only to liberalise a secondary aspect of a composite supply if that supply could not be freely made on account of rules falling outside the scope of the provisions of Directive 2000/31.

The service in point, Uber, would have no self-standing economic value without the transport component which, in turn, is regulated elsewhere. The answer must therefore be that composite supply services depend on all relevant legislation and not only on the electronic commerce laws. The fact that they are also electronic commerce services does not take them outside the scope of transport laws.

The judgment offers guidance on what is to be considered a composite service:

In the case of composite services, namely services comprising electronic and non-electronic elements, a service may be regarded as entirely transmitted by electronic means, in the first place, when the supply which is not made by electronic means is economically independent of the service which is provided by that means.

For a service to fall entirely into the ISS category, the non-electronic component must be independent of the electronic one. The present framework leaves the determination of how non-electronic components of composite services are to be regulated to national laws (p. 47 of the judgment) in all cases which are not directly harmonised.

In conclusion, the Uber case recognises several categories of services:

  • non-composite electronic commerce services (e.g. taxi directories), subject to E-Commerce laws only
  • non-composite transport services (e.g. regular taxi services), subject to transport laws only
  • composite services with economically dependent components (e.g. Uber), subject to transport laws (or other dominant non-electronic component)
  • composite services with economically independent non-electronic component (e.g. airline ticket portals), which are subject to E-Commerce laws

It is difficult to disagree with the Court’s logic. This is for a simple reason: a service whose main non-electronic component is otherwise regulated, should not be able to escape such regulation by introducing an e-commerce aspect. To hold otherwise would mean that medical, financial or tourism services would be able to circumvent regulation by having an innovative electronic component. Contrary to the view that CJEU misunderstands the innovative and disruptive aspects of Uber, the Court simply believes that the innovative component in the service may be located in either of the two parts of the composite service. In Uber’s case, this is both in the electronic and the transport components.

Net Neutrality: What the Public Gets Wrong

A short article I published on Danish site Videnskab.dk had also been published on ScienceNordic in English. Here are the links to both

In English:

http://sciencenordic.com/net-neutrality-what-public-gets-wrong?utm_content=buffera6ef3&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

In Danish:

https://videnskab.dk/teknologi-innovation/netneutralitet-3-ting-som-offentligheden-misforstaar

More on the Proposed 2017 ePrivacy Regulation: A Messy and Contradictory Text That Confuses Content and Carrier

We have briefly outlined some of the problems concerning the Commission’s 2017 proposal for a new ePrivacy Regulation in an earlier post. The main point made then was that the rules are unnecessarily complicated and not always in sync with the forthcoming GDPR. On October 26, the EU Parliament voted to move forward to Trilogue on the basis of the present text, thus advancing it one step forward towards adoption. The debate about the text seems to have been simplified to such extremes that even EU officials are not immune from making emotional albeit misguided arguments.

The proposed text, however, is highly technical, and requires careful analysis. In this post, in order to underline the claim that the present text is inadequate, we will try to highlight three of the most pressing controversies that arise out of it.

  1. As is well known, the ePrivacy proposal, as was the case with the still-in-force 2002 ePrivacy Directive, is a text arising out and forming part of the Telecommunications Regulatory Framework. The present framework dates to 2009 and very comprehensive proposals for its reform in the form of the European Electronic Communications Code (EECC) have been tabled. As such, the Proposal is part of a set of laws which apply to the carrier layer of the Internet – the electromagnetic signals which move either through the wires or through the air. That Framework does not apply to content, for which an entirely different set of laws has been designed (the chief of which is the 2001 E-Commerce Directive but part of which is also the 1995 Data Protection Directive (“DPD”)). This is apparent from Articles 1, 2 and 4.1.b, which confirm that its field of application are networks and services,1 the same field of application as that in the Telecoms Regulatory Framework – not information society services, as is the case with E-Commerce. The Telecoms Regulatory Framework, by definition, does not regulate the content of electronic communications but only the modalities of their transfer (authorisation of, access and interconnection, universal services). In that sense, the ePrivacy Directive positioned itself as an instrument which complemented the 1995 Data Protection Directive (still in force today until GDPR replaces it in May 2018), albeit from the arsenal and with a toolbox of a completely different regulatory circle – that covering the content. In other words, the ePrivacy Directive relied on the DPD instruments (and referred to them directly) to address a set of specific issues which only arose in the telecommunications field. This was a neat trick which was relatively simple to perform in 2002. The Proposal still positions itself as part of the telecoms circle, expressly referring to EECC. The Proposal still relies on the (now) GDPR set of tools and declares its complementary role. But, the reality of the converged Internet which the Proposal now effectively applies to has moved it from the telecoms/carrier squarely into the contents field. In other words, the Proposal is a content-regulatory tool that passes itself of as a telecoms law and uses telecoms tools for content regulation. The result is highly confusing – applying content-designed privacy concepts to the carrier layer and carrier-designed rules to content services.
  2. The Proposal extends its territorial scope of application to non-EU providers. Whereas the Directive applies within the scope of the application of DPD and the 2009 telecoms framework, the Proposal aligns itself with the GDPR’s extended scope: it applies to provision and use of all services to end-users in the Union (irrespective of the corporate seat of the provider) as well as terminal equipment of the end-users in the Union. This is the extension of its scope to entities located outside of the EU, which is similar in nature to Article 3 GDPR. The problem arises from the lack of precision which GDPR does not suffer from but ePrivacy proposal does. GDPR is specific in that it applies only to the provision of goods or services to EU subjects (deliberate targeting) and monitoring of behaviour. Recital 23 of GDPR requires an intention to target EU users. Recital 9 of the Proposal does not. This can only be interpreted to mean that all telecoms services reaching end-users in the EU, irrespective of whether such services were intended for these users, are covered – an unnecessary extension of scope and an unnecessary deviation from the GDPR’s more balanced approach.
  3. Whereas the Directive’s main idea was that telecoms communications should be confidential while they pass through the wires and while they are in telecoms operator’s hands, it never put obstacles on the processing itself. It rather sought to eliminate the situations in which telecoms operators might compromise the data privacy (by e.g. unwarranted surveillance) or where data or metadata might be misused. The Proposal’s starting point is that “listening, tapping, storing, monitoring, scanning or other kinds of interception, surveillance or processing of electronic communications data” (emphasis added) should be prohibited unless specifically allowed. The essence of any telecoms business model is the processing of telecoms data and metadata. The main position of the Proposal is that this activity is, in principle, prohibited. This position is both unsustainable and puzzling since it demonstrates the drafter’s lack of understanding of the nature of telecoms activities.The processing is allowed under some circumstances covered in Article 6. The Proposal suggests first that both content and metadata may be processed by providers or networks and services for achieving the transmission or for maintaining or restoring security. Metadata only may be processed in more situations by providers of services only, including when the users gave consent. Finally, content only (without data) can only be processed by providers of services only for the provision of a specific service to end users with their consent and where all end-users concerned have given their consent. The proposed division seems to be arbitrary in its distinction between providers of networks and providers of services. Equally confusing are the reasons under which content as opposed to metadata may be provided. More damagingly, the consent here is in contradiction with Articles 6 and 7 GDPR. The two sources – GDPR and Proposal – say different things about consent, with the Proposal imposing significantly stricter requirements.

Some of criticism outlined above is not new. A study published on October 19, 2017, highlighted a number of controversies as have other sources. We believe that the confusion which arises from the present text is a sign that the convergence of content and carrier cannot be dealt with by bundling the issues into a single legal container. The present Proposal attempts to do too much by relying on tools from two legal frameworks while not being fully committed to either. Equally damagingly, the Proposal duplicates and/or confuses issues already covered in GDPR. Nowhere is this more apparent than in the provisions on ‘cookies’. Article 8, which replaced the much-maligned and ineffective cookie requirement of Article 5(3) of the ePrivacy Directive, is long, confusing and replicates some parts of Recitals 26, 30 and 32 of GDPR while contradicting others.

A sensible approach is to keep the content and carrier layers separate by transferring content-related issues to GDPR while keeping the telecoms ones strictly within the telecoms framework. While this would require a thorough rethinking of the proposed texts and a redrafting of GDPR, the ultimate result would be the added protection in those areas where it is really needed.

  1. “Electronic communications” are an official EU replacement for the old term “telecommunications”. In reality, they are synonyms.

Commission Fines Google €2.4 billion – What They Got Wrong and Why it Matters

On June 27, The European Commission fined Google €2.42 billion for abusing dominance as a search engine by giving advantage to its own comparison shopping service.

Google’s “flagship” product is its search engine, with a global market share of over 78% and over 90% in the EU. 90% of Google’s revenues come from selling advertising on its search engine. The present case concerns another product, its comparison shopping service, currently named Google Shopping. When entering a product name, Google Shopping compares products and prices online and presents the results to end-users. In doing so, Google accesses other platforms such as Amazon or eBay. Google Shopping is embedded in Google’s search engine so that it is not necessary to visit Google Shopping separately. A regular search for a product on its main engine prominently displays Google Shopping results at the top. This, in Commission’s view, is Google’s main transgression.

The Commission is currently running three separate cases against Google. The present case should not be confused with a similar but conceptually different one the Commission is running against Google’s practices concerning its Android operating system. That investigation into Google’s Android has been running from 2015 and has not concluded yet. It should equally not be confused with the Commission’s 2016 investigation of agreements between Google and partners of its online search advertising intermediation programme AdSense. While Google’s dominance in the search market is what connects these cases, the underlying legal basis on which the Commission relies is not the same in them and they should be analysed separately.

The investigation dates back to 2010. After a lengthy investigation, the then-commissioner Joaquín Almunia sought to reach a deal with Google in 2012, avoiding formally charging it, a strategy for which he was heavily criticised. After Margrethe Vestager assumed office in November 2014, the case started moving at a somewhat faster pace. The Commission sent the original statement of objections in September 2015. Google outlined its responses to the Commission in a blog post in November 2016. The supplementary statement of objections has been sent in July 2016 to which further responses followed.

In reaching its present decision, the Commission’s starting point is that there should be competition between comparison shopping services. Google has used its dominant position on the search market to allegedly illegally promote its own comparison shopping service. The Commission’s argument is that Google has:

  • “systematically given prominent placement to its own comparison shopping service”
  • “demoted rival comparison shopping services in its search results”

Put in simple terms, the Commission claims that Google is not only relying on its dominance in the search market to push its own comparison shopping service but is taking active steps to ensure that rivals’ services are not readily accessible. The Commission concludes that Google is dominant in the search engine market and that it has abused its dominance by giving its own shopping service an illegal advantage.

In comments to the original and supplemental statement of objections, Google indicated that it believed the Commission’s definition of the relevant market to be narrow. In choosing to focus on comparison shopping websites only, the Commission was ignoring the broader dynamics of consumer shopping. Google’s June 27, 2017 response to the decision repeats in an abbreviated form the arguments heard before. In Google’s view, the Commission does not provide convincing reasons for only targeting the more recent version of its shopping product which has been available for many years without objection. Furthermore, the Commission does not adequately address the overall decline of comparative shopping products which Google believes to be a direct result of the increasingly popular Amazon and eBay. Google’s November 2016 response claims

that online shopping is robustly competitive, with lots of evidence supporting the common-sense conclusion that Google and many other websites are chasing Amazon, by far the largest player on the field.

If one is to look for market power, one has to see what market that power is supposedly exercised on. There is no doubt that market definition in online markets is a rather complicated exercise. At present, horizontal search engines (Google, Bing, etc), vertical search engines (e.g. Pricerunner) and vendor platforms (Amazon, eBay) all compete for the same custom. Furthermore, the SSNIP test (small but significant and non-transitory increase in price) does not seem to be effective in narrowing down the market for online shopping. It can be said with some confidence that Google’s competitors are not only the other comparison shopping websites (nor even other search engines) but other intermediaries in general. This is especially true of younger generations who increasingly use platforms like Facebook, Instagram or Snapchat for their search needs. Firms with different business models can and do compete within the same market.

Research suggests that product comparison shopping is affected mainly by the frequency of internet usage, perceived usefulness, and ease of use. The Commission has not provided a forward-looking market definition nor did it prove that Google might be dominant on such a market (as opposed to more narrowly defined one). The Commission’s argument concerning dominance on the search engine and the related advantage would only work if the consumers would access a more significant share of competitors’ services either in the total absence of Google Shopping or in it being “downgraded” in ranking or placed alongside others. But, evidence suggests that consumers access comparison shopping sites largely directly and not trough Google simply because it is easier and more useful to do so. Google’s withdrawal from this market would have no effect on traffic that these other sites get.

In summary, it seems that the Commission’s approach is based on a specific and narrow market definition. Users do not seem to engage in comparative shopping of the kind Commission believes them to. An average shopper accessing Google is well aware of alternatives and uses them anyway. To say that there is no single market for online search today borders on banality and yet the Commission seems to read too much into the fact that 90% of users in the EU use Google. Further to that, the Commission believes that Google should treat own products and those of competitors equally, by no means a foregone conclusion.

The Commission’s decision is important for several reasons. While Vestager DG COMP may very well have learned the lessons from the political fallout from Almunia’s attempt to strike a deal, the importance of threading carefully cannot be overestimated. Almunia’s attempt to compromise reflects the realities of modern platforms – they tend to be dominant for a short while, they are ubiquitous and they perform a public service. Heavy handed approach may backfire. The present decision may be rendered meaningless much faster than with the 2007 Microsoft case in a rapidly changing search market.

More importantly perhaps, the somewhat hasty approach may be a signal of a messy situation to follow both in further Google cases and a plethora of other high-tech issues currently pending or coming in the future. The case is likely to continue for a considerable period as it gets appealed to Court.