How COVID-19 is shaping European tech regulation

FILE PHOTO: Florian Heretsch and Emil Voutta of the developing team of software giant SAP work on the German government official COVID-19 tracing App at the SAP headquarters, as the spread of the coronavirus disease (COVID-19) continues, in Walldorf, Germany May 29, 2020. REUTERS/Kai Pfaffenbach/File Photo

When Ursula von der Leyen’s European Commission took office in December 2019, it was poised to mount the largest regulatory attack on Big Tech of the social media era. Its ambitious digital agenda represents the bureaucratic embodiment of the “techlash” that has gripped Europe in recent years, with proposals designed to limit tech giants’ market power, increase consumer protections, and collect a share of locally generated revenue.

Though the European Commission remains focused on responding to the pandemic and its economic aftereffects, its digital agenda remains intact but is shifting slightly to address concerns raised by COVID-19. While the Commission’s signature legislative priorities are still on the docket, some initiatives that had been set to roll out later this year are likely to be pushed to next year, with the pandemic forcing the Commission to address pressing questions on medical mis- and disinformation and contact-tracing.

In its recently revised work program, the Commission confirmed, despite earlier rumors to the contrary, that it will move forward as planned on a Digital Service Act (DSA) that would upgrade liability and safety rules for digital platforms, services, and products. And earlier this month, the Commission opened public consultation on a wide-ranging set of digital issues, which will inform the legislation set to be unveiled in the fourth quarter of 2020. Topics include safety, liability, the role of platforms as gatekeepers, the status of gig economy workers, online advertising, and internet governance of the single market. The Commission is also set to release by the end of the fourth quarter its Democracy Action Plan, which will build on its current Code of Practice on Disinformation and seeks to protect the bloc from the effects of disinformation and foreign election interference.

However, several other digital initiatives are likely to slip to 2021. The EU’s legislative follow-on to its White Paper on Artificial Intelligence, which had been set to move forward alongside the DSA, will now be considered in early 2021. The leadership of the Organization for Economic Cooperation and Development, where member states are working to hammer out a digital tax deal, recently said negotiations may drag into next year, though some EU member states have pledged to move forward with their own proposals if a deal is not reached by the end of 2020. A UK investigation into digital advertising, the results of which were likely to guide the EU’s approach to the issue, has also been shelved.

As it emerges from the pandemic, the EU has pledged to anchor its economic recovery efforts in digital transformation and green transition. But with the continent feeling the pandemic’s economic aftereffects and a possible second wave of COVID-19, it is likely economic imperatives will continue to partially crowd out the digital agenda.

The pandemic has not stopped the EU from pursuing anti-trust enforcement actions against large U.S. tech firms. Amazon is the latest tech giant to land in the crosshairs of EU digital and competition chief Margrethe Vestager. In coming days, the EU is expected to charge the online retailer with abusing its dominance in online retail to discriminate against external sellers on its platform. The EU also announced this month that it will investigate Apple’s App Store and Payments app to determine whether the company misused its gatekeeper function to gain an unfair business advantage. Facebook’s Marketplace is under scrutiny for similar reasons. All three investigations point to continued EU emphasis on anti-trust enforcement as a favored EU tactic to curtail the market power of Big Tech.

The pandemic has also created new and urgent digital challenges. As life has moved increasingly online, stemming the tide of public-health misinformation, hoaxes, and conspiracy theories has gained critical importance. As a result, platforms have taken a series of proactive and well-publicized measures to promote science-based messaging from official sources and impose limitations on posts and advertisements that contradict public-health authorities, peddle pseudoscience, or engage in price gouging. Though EU regulators have complained these efforts remain insufficient to stem the tide of dangerous health-related misinformation, platforms are likely to get some credit from regulators and the public for a perceived increase in their willingness and capacity to protect user safety.

Contact-tracing apps have also emerged as an area in which tech companies can assist governments with automating time-consuming manual contact tracing to more effectively track and control the virus’s spread. Google and Apple have developed an API for contact-tracing apps, which utilizes Bluetooth “handshakes” with nearby devices to track user contacts and store them locally on the device. Despite initial skepticism about the tech giants’ involvement, a growing number of European countries have signed onto this approach, which is intended to preserve user privacy in line with EU guidelines.

Ironically, the Google-Apple approach has rankled countries like France, which prefer centralized data storage to enable additional epidemiological research, despite the erosion of user privacy. EU member states have also rushed to capture and centralize cell phone metadata from telecom operators to better track the virus’s spread, a step that would have been unthinkable in the pre-COVID-19 era.

These examples reflect a growing movement within Europe to recalibrate—at least temporarily—the EU’s approach to privacy in the face of the pandemic. There is some speculation the EU postponed the release of its two-year review of the General Data Protection Regulation, originally scheduled for April 22, to take into account the dilemmas posed by COVID-19 as member states balance public-health and privacy concerns.

In some areas, the pandemic has created shared interests and facilitated closer collaboration between European governments and tech giants. Large tech firms’ efforts to stem public-health misinformation and enable electronic contact tracing, while not perfect, have challenged European stereotypes of Big Tech as evil monopolists. Confronted with their first major crisis since the passage of GDPR, regulators are now recognizing—and in some cases questioning—the trade-offs required to meet European privacy standards.

In the early days of the pandemic, there was some hope that this graying of dichotomies previously viewed as black and white (Big Tech = Bad; Privacy = Good) would lead to a higher degree of understanding between policymakers and industry and more effective regulation. But an open letter in late May from the foreign ministers of France, Germany, Italy, Portugal, and Spain regarding contact-tracing apps dashed that hope. The letter, which was clearly aimed at Apple and Google despite passive aggressively declining to mention their names, decried “a missed opportunity to further an open collaboration between Governments and the private sector.” There is blame on both sides for that missed opportunity, but as the EU’s digital agenda marches forward toward what will no doubt be a major clash between regulators and Big Tech, it is a shame both sides let it slip through their fingers.

Molly Montgomery is a nonresident fellow in the Center on the United States and Europe at the Brookings Institution.

Amazon, Apple, Facebook, and Google provide financial support to the Brookings Institution, a nonprofit organization devoted to rigorous, independent, in-depth public policy research.