You may have read a lot of chatter about the European Commission’s Digital Single Market (DSM) over the last two days. The reaction in the blogosphere has already been a mix of optimism, hope, consternation, cynicism… and general Brussels fatigue.
What is the DSM?
In a nutshell, it is a strategy that seeks to create a true ‘single market’ within the EU – that is, a market where there is total free movement of goods, persons, services and capital; where individuals and businesses can seamlessly and fairly access online services, regardless of where in the EU they are situated.
Theoretically, EU citizens will finally be able to use their mobile phones across Europe without roaming charges, and access the same music, movies and sports events online at the same price wherever they are.
Whatever the public reaction, there is no doubt that the DSM is a highly ambitious strategy. It sets out wide legislative initiatives across a vast range of issues: from copyright, e-commerce, geo-blocking, competition, cross-border shipment, data protection, to telecoms regulation.
Much has already been written about these proposals and the Fieldfisher team has written this great summary of all the legislative proposals.
For the readers of this blog, we’d like to focus only on those proposals that relate to privacy and data protection.
Privacy & Data Protection issues
In our view, data issues lie at the heart of these reforms and there are 4 key initiatives that impact directly on these rights:
1. Review of data collection practices by online platforms
As part of the DSM, the Commission is proposing a “comprehensive analysis” of online platforms in general, including anything from search engines, social media sites, e-commerce platforms, app stores and price comparison sites.
One of the concerns of the Commission is that online platforms generate, accumulate and control an enormous amount of data about their customers and use algorithms to turn this into usable information. One study it looked at, for example, concluded that 12% of search engine results were personalized, mainly by geo-location, prior search history, or by whether the user was logged in or out of the site.
The Commission found that there was a worrying lack of awareness by consumers about the data collection practices of online platforms: they did not know what data about their online activities was being collected and how it was being used. In the Commission’s view, this not only interfered with the consumers’ fundamental rights to privacy and data protection, it also resulted in an asymmetry between market actors.
As platforms can exercise significant influence over how various players in the market are remunerated, the Commission has decided to gather “comprehensive evidence” about how online platforms use the information they acquire, how transparent they are about these practices and whether they seek to promote their own services to the disadvantage of competitors. Proposals for reform will then follow.
2. Review of the e-Privacy Directive
The e-Privacy Directive is currently a key piece of privacy legislation within the EU – governing the rules for cookie compliance, location data and electronic marketing amongst other things.
Not a huge amount has been said about this review in the DSM documents. All that we know at this stage is that the Commission plans to review the e-Privacy Directive after the adoption of the General Data Protection Regulation, with a focus on “ensuring a high level of protection for data subjects and a level playing field for all market players”. For instance, the Commission has said that it will review the e-Privacy Directive to ensure “coherence” with the new data protection provisions, and consider whether it should apply to a much wider set of service providers. It further says that the rules relating to online tracking and geo-location will be re-evaluated “in light of the constant evolution of technology” (Staff Working Document, p. 47).
3. Cloud computing and big data reforms
Cloud computing and big data services haven’t escaped the grasp of the Commission either. The Commission sees these types of services as central to the EU’s competitiveness. European companies are lagging significantly behind in their adoption and development of cloud computing and big data analytics services.
In its report, the Commission has diagnosed a number of key reasons for this lag:
- EU businesses and consumers still do not feel confident enough to adopt cross-border cloud services for storing or processing data because of concerns relating to security, compliance with privacy rights, and data protection more generally.
- Contracts with cloud providers often make it difficult for customers to terminate or unsubscribe from the contract and to port their data to a different cloud provider.
- Data localization requirements within Member States create barriers to cross-border data transfers, limiting competitive choice between providers and raising costs by forcing businesses to store data on servers physically located inside a particular country.
The Commission is therefore proposing to remove what it sees as a series of “technical and legislative barriers” – such as rules restricting the cross-border storage of data within the EU, the fragmented rules relating to copyright, the lack of clarity over the rights to use data, the lack of open and interoperable systems, and the difficulty of data portability between services.
4. Step up of cyber-security reforms
Cyber threats have led to significant economic losses, huge disruptions in services, violations of citizens’ fundamental rights and a breakdown in public trust in online activities. The Commission proposes to step up its efforts to reduce cybersecurity threats by requiring a more “joined up” approach by the EU industry to stimulate take up of more secure solutions by enterprises, public authorities and citizens. In addition, it seeks a “more effective law enforcement response” to online criminal activity.
The above is just the tip of the iceberg of the reforms that are being proposed. Outside of privacy and data protection issues, the DSM Strategy includes initiatives such as harmonizing copyright laws, extending media regulation to all online platforms, and prohibiting unjustified geo-blocking.
As with all ambitious reforms of this kind in the EU, there will be vocal critics on both sides, and a huge degree of political scrutiny. The timetable for completion is either the end of 2015 or the end of 2016 but, no doubt, it will be years before any legislation is actually signed off and transposed into national law.
In an industry which changes at such a rapid speed – week after week, month after month – the real danger of EU reform is that such legislation can already be conceptually outdated by the time it is brought into force and a whole new set of problems may, by then, have emerged.
But whatever the eventual outcome of these legislative initiatives, it is clear that there is an important, wider debate to be had about the global digital market: Why is the rest of the world so behind the US? What is the secret to the US’ success and dominance? Do these proposals really go to the heart of the problem? Such questions merit a post, if not a treatise, of their own. We should perhaps show some admiration towards the European Commission for trying to tackle these deep and knotty issues head on.