Discover more from AI in Business
The EU’s Digital Markets Act Sets the Pace for Big Tech Regulation
New rules would prevent “gatekeeper” companies from conducting business in the same way, requiring more separation of services and explicit permissions from consumers.
By John P. Desmond, Editor, AI in Business
The European Union last week finalized digital rules to crack down on big tech companies who are online “gatekeepers” such as Google and Facebook parent Meta, with implications for how AI may or may not be deployed still being assessed.
The EU officials agreed on wording for the Digital Markets Act (DMA), which seeks to prevent tech giants from dominating digital markets. The Act will need additional approvals before going into effect. With these new rules, and proposed rules for AI introduced last year, as well as antitrust investigations and strict regulations on data privacy, Europe has become a global pacesetter for big tech regulation.
“What we have been deciding will start a new era in tech regulation,'' stated Andreas Schwab, the EU’s lead lawmaker, in a press conference reported by the Associated Press .
Big Tech companies were less than enthusiastic about the new Digital Markets rules. “While we support many of the DMA’s ambitions around consumer choice and interoperability, we remain concerned that some of the rules could reduce innovation and the choice available to Europeans,” stated a spokesperson for Google.
Under the new DMA rules, big tech companies would not be allowed to rank their own products or services higher than those of others in the search results. Also, apps such as web browsers would not be able to be installed by default along with the operating system, the way that Google’s Chrome is bundled with Android phones.
In addition, the new rules would prevent a user’s personal data from being combined for target ads, unless the user gives “explicit consent.” That would prevent Google from collecting information on an individual’s YouTube viewing, online searches, travel history from Maps and Gmail conversations - all now used to build profiles used to serve up personalized ads - unless a user agrees to each use.
Also, online services would have to ensure that users can opt out as easily as they are able to sign up. That rule is “aimed at services where it’s super easy to sign up — boom, you’re a customer — but unsubscribe is hidden under three levels of menus,” such as on Amazon Prime, stated Jan Penfrat, senior policy adviser at European Digital Rights (EDRi), an association of civil and human rights organizations. “They push it on to you with big, colorful buttons, but getting out of it is really difficult.”
A gatekeeper company is defined under the EU rules as providing “core platform services” such as search engines, social networks, messengers and social media. Also, the gatekeeper designation is applied to companies earning at least $8.3 billion in annual revenue in Europe in the past three years, and have 45 million users and 10,000 business users in Europe.
"We have achieved something unprecedented, legislation that paves the way to open, fair, contestable digital markets, so everybody has a fair chance of making it," stated Margrethe Vestager, executive vice president at the European Commission, on Twitter and quoted in an account from the news website Axios. “The gatekeepers will now have to take responsibility."
Fines for non-compliance will be steep, up to 10 percent of global revenue and 20 percent for repeat offenders.
One US observer was not happy with the direction of the EU regulations for big tech. "It's regulation that targets firms, rather than anticompetitive business practices, which we think is a really bad precedent to set," stated Garrett Workman, senior director of European Affairs at the US Chamber of Commerce, to Axios.
Google was also less than enthusiastic about the new rules, with a spokesperson quoted as stating, “We remain concerned that some of the rules could reduce innovation and the choice available to Europeans.” The company "now take time to study the final text and work with regulators to implement it."
US companies supporting the EU’s DMA regulations include Mozilla, Microsoft, Yelp and Genius. "We quite like the idea that the DMA is going to give consumers and businesses more freedom to deploy the software of their choice, use more alternatives and not be locked into the Big Tech silos," stated Owen Bennett, senior public policy manager at Mozilla, to Axios.
EU Cements Leadership in Tech Regulation, Creating the “Brussels Effect”
The new regulatory actions cement Europe’s leadership in regulating big tech companies. The European standards are often adopted worldwide, such as they were with the General Data Protection Regulation (GDPR) governing privacy and security, first proposed in 2016. Today, GDPR has been adopted by all 27 EU countries. The US has no equivalent law, although research is showing that eight of 10 US companies have taken steps to update privacy policies; fewer have adopted breach notification policies and procedures.
“Faced with big online platforms behaving like they were ‘too big to care,’ Europe has put its foot down,” stated Thierry Breton, a top official in the European Commission, quoted in an account in The New York Times. “We are putting an end to the so-called Wild West dominating our information space. A new framework that can become a reference for democracies worldwide.”
More US tech industry unhappiness was registered by the Chamber of Progress, a trade group in Washington, DC. “This bill was written to target US tech companies, and its impact will fall on American workers,” stated Adam Kovacevich, chief executive of the chamber, to the Times. “European regulations that single out our tech sector threaten American jobs — not just in Silicon Valley, but in cities from Pittsburgh to Birmingham.”
The “Brussels Effect” is a term coined by Anu Bradford, a Columbia University law professor, to describe the impact of the EU’s tech regulations, for their potential to become global standards. “Everyone is watching the DMA, be it the leading tech companies, their rivals or foreign governments,” Bradford stated in The New York Times account. “It is possible that even the US Congress will now conclude that they are done watching from the sidelines when the EU regulates US tech companies and will move from talking about legislative reform to actually legislating.”
Big tech lobbyists in Europe highlighted reservations about the DMA text and called for a seat at the table to work out agreements on technical details of the new rules.
“There are still several parts of the text that lack clarity, so we urge the European Commission to collaborate with industry players to help them clarify and apply them in a sensible way to ensure that we get the best results,” stated Cecilia Bonefeld-Dahl, director general of the tech lobby DigitalEurope, which represents players including Amazon, Apple, Facebook's parent company Meta and Google, in an account from Politico, a political journalism site.
“Several of the new rules will require major technical and legal work, such as the interoperability requirements and data-sharing obligations,” she added.
EU AI Act Draft Released Last Year
Other regulations the EU is formulating include the Digital Services Act, to govern how large tech platforms handle illegal online content, and the Artificial Intelligence Act, a legal framework outlining acceptable and unacceptable practices around use of the innovative technology
The AI Act draft proposal of 108 pages has far-reaching implications for big tech companies including Google, Facebook, Microsoft and Amazon, who have all invested substantially into AI development. The AI Act, proposed in April 2021, is expected to take several years to move through the European Union process for approval,
The EU’s draft AI Act regulations separate systems into three risk categories: unacceptable-risk AI systems, including manipulative systems that cause hard and all forms of social scoring; high-risk AI systems, including those evaluating consumer creditworthiness or assist with recruiting; and limited-risk AI systems such as chatbots.
“The regulation would have extraterritorial reach, meaning that any AI system providing output within the European Union would be subject to it, regardless of where the provider or user is located,” stated the authors of a 2021 report from McKinsey & Co.
(Write to the editor here.)
Thanks for reading AI in Business! Subscribe for free to receive new posts and support my work.