Dugie Standeford

European Commission proposals don't go far enough to address problems raised by online platforms, stakeholders told a webcast conference Thursday. EU lawmakers, civil society, internet companies, broadcasters and others backed the Digital Services Act and Digital Markets Act. But they said DSA and DMA need work. DSA measures could counter illegal content and require platform transparency, building on EU e-commerce directive intermediary liability rules (see 2012150022). DMA further obligates very large platforms ("gatekeepers").

The European Commission isn't trying to bypass ICANN governance of the domain name system (DNS) through its proposed digital services act (DSA) and cybersecurity package, EC officials said at an ICANN virtual stakeholder briefing Friday. The EC supports the multistakeholder approach and contributes to ICANN discussions through the Governmental Advisory Committee, said Gemma Carolillo, DG Connect deputy head-next-generation internet unit. The legislation's intent is to create legal certainty for domain name registries and registrars on things like Whois accuracy and access to personal registrant information, she said. If the proposals are adopted, the EC plans to issue guidelines that draw on ICANN's policy development work on access to personal data, she said. The EC is counting on ICANN to adopt rules for access to Whois data and start the discussion on ensuring such data is accurate, said Olivier Bringer, next-generation internet unit head. The briefing was on the potential impact of the DSA and cybersecurity measures on ICANN. The legislation would update the 2000 e-commerce directive governing the exemption from liability for illegal content of internet intermediaries (see 2101290006). That directive applies to specific services such as ISPs that act as conduits. The DSA proposes to leave the liability exemption intact but to add new rules requiring due diligence and set harmonized enforcement rules, said Irene Roche Laguna, EC deputy head-e-commerce and platforms unit. The EC considers registrars and registries to be within the DSA's scope and wants to clarify legally that they fall within the liability exception as mere conduits but also that they will have some light due diligence obligations for illegal content, Laguna said.

EU plans for tighter regulation of internet companies will affect the domain name system and ICANN, stakeholders agreed in recent interviews. The European Commission-proposed digital services act (DSA), cybersecurity strategy and revised network and information security directive's exact impacts remain unclear, they said.

Ethos Capital's buying control of Donuts isn't a plot for back door control of .org, a Donuts representative told us Monday. The venture capital firm announced Friday it's taking a controlling interest in the domain name giant, which recently bought top-level domain registry Afilias. ICANN shot down Ethos Capital's attempt last year to buy the Public Interest Registry (PIR), which operates .org, after an outcry from public interest advocates and some lawmakers (see 2005010003). It's unclear whether the private equity firm's buy of Afilias, which runs .org's technical operations, could signal another try for PIR, emailed Jothan Frakes, CEO of registrar Plisk.com. "No," emailed Donuts founder and board member Paul Stahura. The technical registry fees Afilias receives for operating .org are small in proportion to Afilias' revenue, and when combined with Donuts, even smaller, he said. Moreover, PIR and the Internet Society, which owns it, have the option to move their back-end provider to whoever offers the best service for the lowest price, Stahura added. The combined shows "really noteworthy" domain name industry consolidation, Frakes said: Centralnic made numerous acquisitions in 2020, as did mmx.co, which acquired ICM Registry, while GoDaddy bought Neustar's registry business. The industry "saw some consistency" in the shifts that working during the pandemic caused, he said. Not only did registrations continue, but the secondary market also had growth. There were record domain name sales, such as $20 million for money.com. It's important to keep an eye on how these vertically integrated businesses operate and whether competition remains, Frakes said. Ethos Capital didn't comment.

Proposed new EU rules for digital platforms could become a global norm, some stakeholders speculated. The Digital Services Act (DSA) and the Digital Market Act (DMA), unveiled by the European Commission Dec. 15 (see 2012150022), aim to protect fundamental rights online and create a fairer, more open digital market, the EC said. DSA would require very large platforms ("gatekeepers") take risk-based action to prevent abuse of their systems through increased transparency.

Google's proposed acquisition of Fitbit can proceed, with conditions, the European Commission said. There was an investigation of the transaction and the companies' complementary activities, it said Thursday. Fitbit has limited market share in the smartwatch segment in Europe, where there are many larger rivals, such as Apple, Garmin and Samsung, so the acquisition will lead to "very limited horizontal overlaps," the EC said. The probe focused on data collected by Fitbit wearable devices and the interoperability of those devices with Google's Android operating system for smartphones. The EC was concerned Google would acquire Fitbit's database on users' health and fitness, plus the technology to develop a similar database, making it hard for rivals to match Google's services in online search advertising. Other worries were that Google might restrict competitors' access to Fitbit's web application programming interface, to the detriment of European startups in the emerging digital healthcare space, and that Google could put competing makers of wearable wrist devices at a disadvantage by degrading their operability with Android smartphones. Google has offered commitments on advertising, web API access and Android APIs to run for 10 years and be monitored by a trustee to be appointed before the transaction closes, the EC said. "This deal will spur innovation in wearable devices and enable us to build products that help people lead healthier lives," emailed a Google spokesperson. "We understand that regulators wanted to look closely at this transaction, and we have worked constructively with them to resolve their concerns, including the set of legally binding commitments the" EC accepted. The spokesperson cited his company's past "assurances" about the takeover and privacy and working with other stakeholders.

Major "gatekeepers" such as social media services would face tighter supervision under proposed legislation unveiled by the European Commission Tuesday. The Digital Services Act (DSA) and Digital Market Act (DMA) aim to give users better, more reliable services, allow smaller companies to scale up across the EU and prevent unfair conditions imposed by online platforms that are or are expected to become gatekeepers to the single market, the EC said. They are "milestones in the journey to making Europe fit for the digital age," said EC Vice President Margrethe Vestager. The goal is to ensure internet users have access to a wide range of digital services, all companies can compete online as they do offline, and users can trust what they see online, she said. The DSA contains measures to counter illegal content and has transparency rules for platforms and requirements for very large platforms to prevent abuse of their systems. The DSA builds on existing intermediary liability rules in the EU e-commerce directive. Very large platforms that fail to comply would face fines of up to 6% of global revenue. The DMA applies specifically to gatekeepers, to be defined by their role in the market according to factors such as size, whether they operate as gatekeepers between businesses and users, and whether they have an entrenched position. Gatekeeper obligations, the EC said, would include giving companies that advertise on its platform access to the performance measuring tools it uses. Gatekeepers would need to allow business users to promote their own offers and give such users access to the data generated by those activities. Large platforms would be barred from blocking users from uninstalling and preinstalling software or apps, using data obtained from their business users to compete with those companies, and restricting users from accessing services they found elsewhere. Companies would self-verify as gatekeepers if they meet DMA quantitative thresholds. The EC would then designate them as gatekeepers, and within six months, they would need to comply with DMA rules. Platforms that ignore the rules are subject to fines of up to 10% of revenue, and, if there are systemic infringements, the EC can impose additional remedies such as forcing a unit's sale. The proposed legislation needs approval by the European Parliament and the Council.

The debate on trans-Atlantic data flows is starting to shift as the U.S. and EU increasingly recognize their shared values, officials said Tuesday at a webcast data protection and privacy conference in Brussels. The regions are negotiating a targeted enhancement to Privacy Shield that will comply with the European Court of Justice ruling in Schrems II, withstand further legal challenge and ensure U.S. sovereignty over its national security, said James Sullivan, International Trade Administration deputy assistant secretary for services. The ECJ decision overturned PS (see 2007240031). Any revised accord will have to relieve companies of the need to carry out separate reviews of the national security regimes of countries to which they want to transfer personal data, Sullivan said. Since the U.S. revised its surveillance laws in 2015, it has become the gold standard for protection against data access for national security purposes, he said. One complicating factor in the discussion is that Schrems II caused skepticism from some in the U.S. about making further commitments to Europe that could force changes in U.S. law, doubts reinforced by the EU not scrutinizing at the same level surveillance practices of some of its own members, he said. The European Commission is convinced the intersection of privacy and national security is the avenue to pursue to address the court ruling, said Bruno Gencarelli, head of international data flows and protection unit. He warned there's no quick fix because a solution must be legally and politically defensible. Gencarelli sees much more common ground now between the EU and U.S. and more convergence as more companies adopt data protection practices around privacy laws; nations at the G7, G20 and Organization for Economic Co-operation and Development level now realize that like-minded countries should be the ones to define common standards. Talks with the U.S. on an enhanced PS involve a negotiation on complex issues that won't be resolved overnight, Gencarelli said. It's a priority for the EC, and "we expect to move quickly" to agree on several provisions. This isn't a beauty contest about which privacy system is better; it's about finding solutions, he said. Sullivan said both sides have been "very creative" in coming up with solutions to bridge their differences, and challenges aren't insurmountable.

New rules for data-sharing are needed as an alternative to Big Tech platforms, the European Commission said Wednesday. Its proposed data governance act aims to boost trust in sharing data, because lack of trust is now a "major obstacle" that results in "high costs," it said. The regulation is the first under the EU data strategy approved earlier this year. It's "about creating the right conditions so that if people want to share data, they can do so in a trustful way," said Executive Vice-President Margrethe Vestager at a briefing. One key element is the creation of trustworthy intermediaries to provide basic infrastructure for data spaces. They must notify relevant authorities of their intention to provide data-sharing services, and ensure that sensitive and confidential data is safeguarded. There will be strict requirements to ensure their neutrality in connecting data holders and users. The framework offers an alternative model to the current data-handling practices offered by Big Tech, said Vestager. The principles will also apply "to us as individuals whenever we wish to share our own personal data, or donate them to serve the general interest." The act doesn't force anyone to share data. "Unjustified data transfer restrictions in themselves do not increase trust" but make it harder to do business with the world, said the Computer and Communications Industry Association. "Businesses need fewer, not more, [such] restrictions." European Digital Rights criticized the proposal for "framing everything in terms of theoretical economic benefits" for companies to the detriment of civil society goals of "moving towards a people-centric internet." The proposal "confirms the many worrying signals that Brussels has decided to pursue policies that are protectionist, discriminatory, and counterproductive," said the Center for Data Innovation. It's "as much an attempt to hobble foreign tech companies as it is an attempt to build up European ones."

Huawei's proposed "New IP" sparked charges the company and possibly the Chinese government are trying to hijack the internet. ICANN, ITU and others said the protocol's specifications and purported uses are so hazy it can't be considered as an internet replacement. Huawei said it's trying to improve existing IP versions 4 and 6 and denied it's working for the Chinese government. The project's link to Huawei, however, "is a guarantee, in the current geopolitical environment, that it will be politicized," blogged Internet Governance Project founder Milton Mueller.