The U.S. and EU are aligning more closely on a range of digital issues, speakers said Monday at a webcast interview with European Commission Vice President Margrethe Vestager and Senate Intelligence Committee Chairman Mark Warner, D-Va. Asked what their priorities are for the U.S.-EU digital relationship, Vestager said some key issues, such as secure supply chains, the approach to AI and the stance on regulating the technology sector, are obvious. Warner called for collaboration on values-based tech development that includes standards and rules on transparency and other issues. His key concern is the failure to create joint cybersecurity norms and policies, an omission he warned could be devastating. Cybersecurity must be part of every EU and U.S. discussion, Vestager said. Tech won't be successful if it's unsafe and people don't trust it, she said. Barriers to online manipulation of democracies must be integrated into everything stakeholders do and into digital skills people need as the first line of defense. When China or Russia sends hackers against a private entity or government, it will succeed without shared concepts of security services in Europe and the U.S., Warner said. On AI, Vestager noted that upcoming EC rules aim to be balanced and that their ban on certain uses of the tech will affect a limited number of cases. Warner hoped the U.S. embraces AI without subjecting people to discrimination, but this technology hasn't penetrated the U.S. policy world much yet. On content moderation on platforms, Vestager said the Digital Services Act sets up a systemic redress mechanism that balances the need to take down illegal content while preserving freedom of expression and imposes accountability on companies to ensure operations don't create risks. Platforms aren't doing enough to address disinformation, Warner said: Content moderation in the U.S. will come about in bits and pieces because the country has been so slow in addressing it.
Proposed European Commission plans to update cybersecurity rules are overbroad and need clarification, ICANN said Friday. The revisions to the network and information security directive (NIS2), part of a package aimed at tightening rules for online platforms, will affect ICANN (see 2101290006). Responding to an EC consultation, ICANN said NIS2 could have "far-reaching impacts" on the domain name system: The directive captures all DNS service providers. It urged the EC to consider distinguishing between providers of authoritative domain name resolution services (the "publication" side of domain name resolution) and providers of recursive domain resolution services (the name resolving side). Entities that operate a resolver service, often now otherwise classified as essential or important, are within the scope of the draft because they host a domain name or operate a recursive resolver, ICANN said. Providers of authoritative domain name resolution services should qualify as essential only if they serve domains of such important entities, it said. NIS2 requires EU governments to ensure that top-level domain registries and registrars collect and maintain accurate and complete domain name registration data in a "dedicated database facility with due diligence" subject to EU data protection law. ICANN said no entity can guarantee the integrity and availability of domain name registration data. The European Internet Services Providers Association noted only two years have passed since the effective date of the directive, meaning EU countries have had little time for assessment. NIS2 will raise costs for affected providers and should be future-proofed, said EuroISPA. The Information Technology Industry Council urged the EC to ensure reporting requirements are harmonized across the EU. The Internet Systems Consortium, which runs an ICANN authoritative root server, recommended NIS2 not include root name servers, saying doing so could destabilize the unitary DNS system. Verisign encouraged the EC to turn to ICANN's multistakeholder community for details on how EU governments can implement NIS2 consistently.
European Commission proposals don't go far enough to address problems raised by online platforms, stakeholders told a webcast conference Thursday. EU lawmakers, civil society, internet companies, broadcasters and others backed the Digital Services Act and Digital Markets Act. But they said DSA and DMA need work. DSA measures could counter illegal content and require platform transparency, building on EU e-commerce directive intermediary liability rules (see 2012150022). DMA further obligates very large platforms ("gatekeepers").
The European Commission isn't trying to bypass ICANN governance of the domain name system (DNS) through its proposed digital services act (DSA) and cybersecurity package, EC officials said at an ICANN virtual stakeholder briefing Friday. The EC supports the multistakeholder approach and contributes to ICANN discussions through the Governmental Advisory Committee, said Gemma Carolillo, DG Connect deputy head-next-generation internet unit. The legislation's intent is to create legal certainty for domain name registries and registrars on things like Whois accuracy and access to personal registrant information, she said. If the proposals are adopted, the EC plans to issue guidelines that draw on ICANN's policy development work on access to personal data, she said. The EC is counting on ICANN to adopt rules for access to Whois data and start the discussion on ensuring such data is accurate, said Olivier Bringer, next-generation internet unit head. The briefing was on the potential impact of the DSA and cybersecurity measures on ICANN. The legislation would update the 2000 e-commerce directive governing the exemption from liability for illegal content of internet intermediaries (see 2101290006). That directive applies to specific services such as ISPs that act as conduits. The DSA proposes to leave the liability exemption intact but to add new rules requiring due diligence and set harmonized enforcement rules, said Irene Roche Laguna, EC deputy head-e-commerce and platforms unit. The EC considers registrars and registries to be within the DSA's scope and wants to clarify legally that they fall within the liability exception as mere conduits but also that they will have some light due diligence obligations for illegal content, Laguna said.
EU plans for tighter regulation of internet companies will affect the domain name system and ICANN, stakeholders agreed in recent interviews. The European Commission-proposed digital services act (DSA), cybersecurity strategy and revised network and information security directive's exact impacts remain unclear, they said.
Ethos Capital's buying control of Donuts isn't a plot for back door control of .org, a Donuts representative told us Monday. The venture capital firm announced Friday it's taking a controlling interest in the domain name giant, which recently bought top-level domain registry Afilias. ICANN shot down Ethos Capital's attempt last year to buy the Public Interest Registry (PIR), which operates .org, after an outcry from public interest advocates and some lawmakers (see 2005010003). It's unclear whether the private equity firm's buy of Afilias, which runs .org's technical operations, could signal another try for PIR, emailed Jothan Frakes, CEO of registrar Plisk.com. "No," emailed Donuts founder and board member Paul Stahura. The technical registry fees Afilias receives for operating .org are small in proportion to Afilias' revenue, and when combined with Donuts, even smaller, he said. Moreover, PIR and the Internet Society, which owns it, have the option to move their back-end provider to whoever offers the best service for the lowest price, Stahura added. The combined shows "really noteworthy" domain name industry consolidation, Frakes said: Centralnic made numerous acquisitions in 2020, as did mmx.co, which acquired ICM Registry, while GoDaddy bought Neustar's registry business. The industry "saw some consistency" in the shifts that working during the pandemic caused, he said. Not only did registrations continue, but the secondary market also had growth. There were record domain name sales, such as $20 million for money.com. It's important to keep an eye on how these vertically integrated businesses operate and whether competition remains, Frakes said. Ethos Capital didn't comment.
Proposed new EU rules for digital platforms could become a global norm, some stakeholders speculated. The Digital Services Act (DSA) and the Digital Market Act (DMA), unveiled by the European Commission Dec. 15 (see 2012150022), aim to protect fundamental rights online and create a fairer, more open digital market, the EC said. DSA would require very large platforms ("gatekeepers") take risk-based action to prevent abuse of their systems through increased transparency.
Google's proposed acquisition of Fitbit can proceed, with conditions, the European Commission said. There was an investigation of the transaction and the companies' complementary activities, it said Thursday. Fitbit has limited market share in the smartwatch segment in Europe, where there are many larger rivals, such as Apple, Garmin and Samsung, so the acquisition will lead to "very limited horizontal overlaps," the EC said. The probe focused on data collected by Fitbit wearable devices and the interoperability of those devices with Google's Android operating system for smartphones. The EC was concerned Google would acquire Fitbit's database on users' health and fitness, plus the technology to develop a similar database, making it hard for rivals to match Google's services in online search advertising. Other worries were that Google might restrict competitors' access to Fitbit's web application programming interface, to the detriment of European startups in the emerging digital healthcare space, and that Google could put competing makers of wearable wrist devices at a disadvantage by degrading their operability with Android smartphones. Google has offered commitments on advertising, web API access and Android APIs to run for 10 years and be monitored by a trustee to be appointed before the transaction closes, the EC said. "This deal will spur innovation in wearable devices and enable us to build products that help people lead healthier lives," emailed a Google spokesperson. "We understand that regulators wanted to look closely at this transaction, and we have worked constructively with them to resolve their concerns, including the set of legally binding commitments the" EC accepted. The spokesperson cited his company's past "assurances" about the takeover and privacy and working with other stakeholders.
Major "gatekeepers" such as social media services would face tighter supervision under proposed legislation unveiled by the European Commission Tuesday. The Digital Services Act (DSA) and Digital Market Act (DMA) aim to give users better, more reliable services, allow smaller companies to scale up across the EU and prevent unfair conditions imposed by online platforms that are or are expected to become gatekeepers to the single market, the EC said. They are "milestones in the journey to making Europe fit for the digital age," said EC Vice President Margrethe Vestager. The goal is to ensure internet users have access to a wide range of digital services, all companies can compete online as they do offline, and users can trust what they see online, she said. The DSA contains measures to counter illegal content and has transparency rules for platforms and requirements for very large platforms to prevent abuse of their systems. The DSA builds on existing intermediary liability rules in the EU e-commerce directive. Very large platforms that fail to comply would face fines of up to 6% of global revenue. The DMA applies specifically to gatekeepers, to be defined by their role in the market according to factors such as size, whether they operate as gatekeepers between businesses and users, and whether they have an entrenched position. Gatekeeper obligations, the EC said, would include giving companies that advertise on its platform access to the performance measuring tools it uses. Gatekeepers would need to allow business users to promote their own offers and give such users access to the data generated by those activities. Large platforms would be barred from blocking users from uninstalling and preinstalling software or apps, using data obtained from their business users to compete with those companies, and restricting users from accessing services they found elsewhere. Companies would self-verify as gatekeepers if they meet DMA quantitative thresholds. The EC would then designate them as gatekeepers, and within six months, they would need to comply with DMA rules. Platforms that ignore the rules are subject to fines of up to 10% of revenue, and, if there are systemic infringements, the EC can impose additional remedies such as forcing a unit's sale. The proposed legislation needs approval by the European Parliament and the Council.
The debate on trans-Atlantic data flows is starting to shift as the U.S. and EU increasingly recognize their shared values, officials said Tuesday at a webcast data protection and privacy conference in Brussels. The regions are negotiating a targeted enhancement to Privacy Shield that will comply with the European Court of Justice ruling in Schrems II, withstand further legal challenge and ensure U.S. sovereignty over its national security, said James Sullivan, International Trade Administration deputy assistant secretary for services. The ECJ decision overturned PS (see 2007240031). Any revised accord will have to relieve companies of the need to carry out separate reviews of the national security regimes of countries to which they want to transfer personal data, Sullivan said. Since the U.S. revised its surveillance laws in 2015, it has become the gold standard for protection against data access for national security purposes, he said. One complicating factor in the discussion is that Schrems II caused skepticism from some in the U.S. about making further commitments to Europe that could force changes in U.S. law, doubts reinforced by the EU not scrutinizing at the same level surveillance practices of some of its own members, he said. The European Commission is convinced the intersection of privacy and national security is the avenue to pursue to address the court ruling, said Bruno Gencarelli, head of international data flows and protection unit. He warned there's no quick fix because a solution must be legally and politically defensible. Gencarelli sees much more common ground now between the EU and U.S. and more convergence as more companies adopt data protection practices around privacy laws; nations at the G7, G20 and Organization for Economic Co-operation and Development level now realize that like-minded countries should be the ones to define common standards. Talks with the U.S. on an enhanced PS involve a negotiation on complex issues that won't be resolved overnight, Gencarelli said. It's a priority for the EC, and "we expect to move quickly" to agree on several provisions. This isn't a beauty contest about which privacy system is better; it's about finding solutions, he said. Sullivan said both sides have been "very creative" in coming up with solutions to bridge their differences, and challenges aren't insurmountable.