View from Brussels #261

Highlights from the Past Weeks

CW 27 / Monday, 3 July to Thursday, 6 July: Political Group and Committee Meeting Week (Brussels);

CHILD SEXUAL ABUSE I – OVER 400 ACADEMICS WARN ABOUT SCANNING CONTENT:

More than 400 international academics and researchers today called on EU lawmakers and Member States to reject content scanning to combat child sexual abuse material. In a joint statement, 404 scientists from 35 countries, such as the Netherlands, Canada, the United States and South Korea, warned against forcing tech companies to use “deeply flawed” or non-existent AI tools to scan and detect illegal content, even if it is encrypted, as part of a draft regulation to crack down on offenders and illegal content online. (See Google doc)

Researchers lament that the legislation is undermining security and privacy in Europe and setting a “global precedent for filtering the Internet, controlling who can access it, and taking away some of the few tools available for people to protect their right to a private life in the digital space”.

CHILD SEXUAL ABUSE II – COUNCIL WITHDRAWS ENCRYPTION  AND PRIVACY SAFEGUARDS:

The Swedish presidency had proposed adding explicit language to ensure the regulation doesn’t lead to a general monitoring obligation or prohibit, weaken or circumvent cybersecurity measures like end-to-end encryption. But the new Spanish presidency of the EU Council, in the latest compromise amendments dated 29 June, has proposed rolling back encryption and privacy safeguards in the draft law to combat child sexual abuse. In a footnote, the presidency cited political advice from ambassadors and feedback from EU law enforcement attachés at the last meeting.

Spain proposed introducing more options to ensure that scanning is a last resort. Based on a new draft article, the lead authority overseeing compliance with the regulation could request a tech company to update its risk assessment, and adapt or improve its measures to limit risks. Spain also proposed limiting the possibility of issuing a detection order to judicial authorities. The Commission wanted also to make it possible for an “independent administrative authority” to issue such orders. (See netzpolitik.org, DE and Politico Pro, Paywall)

 

CHILD ABUSE III – POLAND SEES CSAM REGULATION AS SUPERFLUOUS: The regulation on combating child sexual abuse material on the Internet (CSAM Regulation) is unnecessary because there are already other regulations for safety on the Internet, according to Paweł Lewandowski, Polish State Secretary in the Prime Minister’s Office. “This regulation is not necessary at all. We are simultaneously making other regulations regarding safety on the internet and giving new rights and new abilities for services,” Lewandowski said. Privacy “is very important for countries like ours, that has the experience of totalitarian regimes, who are reading our post mails and everything,” Lewandowski added. Poland firmly believes that encryption should not be banned or weakened in any way. According to Lewandowski, many people in the EU Council share their views. (see Euractiv)

ARTIFICIAL INTELLIGENCE – SPAIN WITH FIRST COMPROMISE PROPOSAL: The new Spanish Council Presidency has set out its agenda for the trilogue talks on the law on artificial intelligence in a working paper (PDF).

In the paper, dated 29 June, Spain asks EU Member States for feedback ahead of a meeting of the Council’s Working Group on Telecommunications.

According to the paper, Spain wants the meeting to address “in a preliminary way” four issues on which the European Parliament and EU governments are divided. These are the definition of an AI system, the classification of AI systems as high-risk, the list of high-risk AI applications (known as Annex III) and the need for a fundamental rights impact assessment for high-risk AI systems. The document outlines some possible compromise options.

The paper also says that a “compromise proposal” on several parts of the law should be worked out ahead of a meeting of deputy ambassadors of EU countries on 7 July. These compromise proposals are likely to be discussed at the talks on 18 July. (See Euractiv or Politico Pro, paywall)

PRIVACY I – MEMBER STATES AGREE TO ADEQUACY DECISION: Last week, the Member States had three days to vote in written procedure on the adequacy decision submitted by the EU Commission – the Transatlantic Digital Privacy Framework (TADPF), the successor to the Privacy Shield. Of the 27 member states, 24 voted in favour and three abstained.

The EU Commission could officially confirm the decision as early as Monday.

US Commerce Secretary Gina Raimondo, meanwhile, announced that the US had fulfilled its obligations to implement the EU-US data protection framework.

PRIVACY II – ECJ SUPPORTS COOKIE WALLS: As can be seen from a paragraph of the judgment of 4 July in Meta v. the German Federal Cartel Office (Bundeskartellamt) (C-252/21), the ECJ sees cookie walls as a viable way forward. Paragraph 150 instructs platforms to offer an alternative to users who do not wish to share their personal data in order to access content, “where appropriate, for a reasonable fee”.

This practice “cookie wall”) was one of the reasons for the failure of the negotiations on the e-privacy regulation, as the Parliament wanted to ban it against the will of the Member States. This is the first time that the Court has openly positioned itself on this issue. (See Guillaume Champeau via Twitter, FR and Contexte, paywall, FR)

CYBERSECURITY – EP COMMITTEE AGREES ON COMPROMISE: The shadow rapporteurs have agreed on the final compromises (PDF) on the Cyber Resilience Act (CRA) in the Industry, Research and Energy (ITRE) Committee.

The ITRE Committee will formally vote on the draft on 19 July before the text goes to plenary in September. (See Politico Pro, Paywall)

INFRASTRUCTURE – EP COMMITTEE WITH ALMOST 400 AMENDMENTS TO GIA: MEPs in the ITRE Committee tabled their amendments, highlighting the main disagreements in the legislative discussions(63-262, 263-459 – PDF).

In the nearly 400 amendments tabled, European Parliament rapporteur Alin Mituta (Renew, RO) received broad support for his proposal to abolish charges for calls within the EU. But other controversial issues have emerged for the leading MEP to deal with. In particular, containing the controversial debate on the sender principle is important. (See Euractiv)

DATA ACT – FIRST CONSOLIDATED VERSION OF THE COMPROMISE: Contexte (paywall, FR) publishes a consolidated version of the Data Act compromise (PDF). It will be submitted to the Ambassadors of the Member States (Coreper) on 14 July and to the Parliament’s Industry Committee (ITRE) on 19 July for confirmation. The text clarifies the last remaining question; the governance model. It now allows Member States to designate more than one competent authority to implement the Act provided that a “data coordinator” is designated in this case, as the Parliament proposes. If an entity covered by the Act operates in more than one Member State, it must be subject to the jurisdiction of the country where its principal place of business is located.

DIGITAL MARKETS ACT – REGISTRATION DEADLINE FOR GATEKEEPERS EXPIRED: Under the Digital Markets Act (DMA), which came into force in November, companies with more than 45 million monthly active users and a market capitalisation of €75 billion that offer a core platform service are considered gatekeepers. Stricter rules will apply to these platforms in the future.

Seven companies say they meet the new EU criteria for gatekeepers under the Digital Markets Act (DMA):

• Alphabet (Google)
• Amazon
• Apple
• Bytedance (Tiktok)
• Meta (Facebook, Instagram, WhatsApp)
• Microsoft
• Samsung

The EU Commission now wants to examine all applications and appoint the gatekeepers for certain platform services by 6 September.

METAVERSE – COMMISSION WANTS INNOVATION AND“TOOLKIT” INSTEAD OF REGULATION: The EU executive plans to present a communication on virtual worlds (such as the metaverse) on 11 July. Contexte has published a draft of the text (PDF) in advance. The main takeaway from this is that no new laws are planned to regulate these new tools, which “have not caused concern so far”, as Commission Vice-President Margrethe Vestager told journalists. Instead, the Commission wants to build on a “robust” regulatory landscape that already exists in the areas of data protection, consumer protection and regulation of platforms, as well as on planned and existing codes of conduct or programmes such as Digital Europe. The focus of the communication is rather on accompanying innovations: It wants to promote the establishment of “regulatory sandboxes” and develop “toolboxes” for the general public and to help businesses fight online counterfeiting. Finally, the Commission plans to launch, in liaison with States and industry, a “structured approach” to monitor the evolution of virtual worlds and to work with the European Centre for the Transparency of Algorithms and the international standardisation organisations to promote the interoperability of tools. (See Contexte, paywall, FR and Euractiv).

DATA PROTECTION – EU COMMISSION PRESENTS PROPOSAL TO IMPROVE GDPR ENFORCEMENT: The EU Commission wants to improve cooperation between data protection authorities in enforcing the General Data Protection Regulation (GDPR) in cross-border cases. Last week, a new regulation presented by the EU Commission lays down concrete procedural rules for authorities when applying the GDPR in cases that affect individuals in several Member States. (See press release COM)

CLOUD – EUROPEAN ALLIANCE FOR INDUSTRIAL DATA, EDGE AND CLOUD PRESENTS ITS FIRST RESULTS: The members of the European Alliance for Industrial Data, Edge and Cloud delivered two key deliverables to the EU Commission last week: the updated strategic roadmap for the cloud edge industry and the requirements for a cloud-based platform for the aerospace, security and defence sector.

In parallel to these activities, the Commission continues to work on the preparation of non-binding Commission guidelines on common European standards and requirements for public procurement of data processing services based on the Alliance’s input. (See press release COM)

FRANCE – SENATE APPROVES NEW RULES FOR CLOUD AND SOCIAL MEDIA: The French Senate voted unanimously last week in favour of the French Technology Bill, which includes new rules on cloud computing, age verification and AI-generated content.

The text also aligns French law with EU regulations on platforms and data: the Digital Services Act (DSA), the Digital Markets Act (DMA) and the Data Governance Act (DGA).

The text will be introduced in the National Assembly in autumn before becoming law. (See Politico Pro, Paywall)

Relevant publications, including from the EP Think Tank:

• EU chip law (At a Glance)
• Revision of the Energy Efficiency Directive (At a Glance)
• Revising the Energy Efficiency Directive: ‘Fit for 55’ package (Briefing)
• Policy departments Monthly Highlights – July 2023 (At a Glance)
• Outcome of the European Council meeting of 29-30 June 2023 (Briefing)

Selected consultations

• Draft BEREC Report on practices and challenges of the phasing out of 2G and 3G – Feedback on the report: 13 June to 15 August 2023
• Cyber Solidarity Act – feedback on the Act: 20 April 2023 until 20 July 2023 (extended)

Outlook for the Current Week

Here you will find a list of the upcoming dates of the European Parliament as well as the overview of the plenary session week (including European Chips Act, Energy Efficiency Directive). The meeting calendar for 2023 is available here (PDF) and for 2024 here.

You can find an overview of the most important dates of the week of the Council here or the meeting calendar here.
The official calendar and the priorities of the new Spanish Presidency can be found on the dedicated website. A first draft of the 2024 Belgian Presidency calendar (PDF) has been published by Politico.

Council appointments include:

Summits and Ministerial Meetings:

• Informal Ministerial Meeting on Environment, Monday, 10 and Tuesday, 11 July;
• General Affairs Council, Monday, 10 July – Agenda, A items, A items addendum, Background Brief;
• Informal Meeting of Defence Ministers, Tuesday, 11 and Wednesday, 12 March;
• Informal Meeting of Health Ministers, Thursday, 13 and Friday, 14 July – Programme;
• Economic and Financial Affairs Council, Friday, 14 July – Agenda, A items;

Preparatory Bodies:

• Working Party on Competitiveness and Growth (Industry), Friday, 10 July (Agenda);
• Horizontal Working Party on Cyber Space Issues (including CRA), Monday, 10 July (Agenda) and Thursday, 13 July;
• Working Party on Telecommunications and Information Society (including GIA), Tuesday, 11 July (Agenda) and Thursday, 13 July;
• Horizontal Working Party on Enhancing Resilience and Countering Hybrid Threats, Tuesday, 11 July;
• Working Party on Tax Issues (direct taxation), Tuesday, 11 July (Agenda) and Wednesday, 12 July (Agenda);
• Working Party on Competitiveness and Growth (Single Market) (including DSA), Monday, 13 July (Agenda) and Thursday, 14 July;
• Working Party on Consumer Protection and Information, Monday, 10 July (Agenda) and Tuesday, 14 July (Agenda);
• COREPER I (incl. AI Act, Data Act), Wednesday, 12 and Friday, 14 July (Agenda);
• Coreper II, Wednesday, 12 and Friday, 14 July (Agenda);

Information about the weekly Commission meeting can be found on the website of the Commission in the preview (PDF) or (at short notice) in the current agenda. The non-legislative proposal on the metaverse is now due on 11 July.
The following topics are on the agenda for next week, :

• Greening transport package
• Initiative on virtual worlds
• Revision of the victims’ rights Directive

The judicial calendar of the ECJ can be found here.

European Parliament Committees

CW 28 / Monday, 10 July to Thursday, 13 July: Plenary Session Week (Strasbourg);

The current agenda does not contain any topics directly relevant to the Internet industry.

LIBE Committee (Civil Liberties)

Current Meetings

• none

Further Meetings (calendar)

• Monday, 17 July, 14.30-18.00 (Brussels)
• Tuesday, 18 July 9.00-12.30 and 14.30-18.00 (Brussels)

JURI Committee (Legal)

Current Meetings

• none

Further Meetings (calendar)

• Wednesday, 19 July (Brussels)
• Thursday, 20 July (Brussels)

Dossiers Timetable (22 June 2023)

ITRE Committee (Industry)

Current Meetings

• Monday, 10 July (Strasbourg)

Extract from the provisional agenda

…

5. Amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity

ITRE/9/06236

***I 2021/0136(COD) COM(2021)0281 – C9-0200/2021

 

Rapporteur:
	Romana Jerković (S&D)
Responsible:
	ITRE*
Opinions:
	IMCO*	Andrus Ansip (Renew)	AD – PE704.865v02-00 AM – PE731.599v01-00
	JURI*	Pascal Arimont (PPE)	AD – PE731.697v02-00 AM – PE732.925v01-00
	LIBE*	Cristian Terheş (ECR)	AD – PE732.601v02-00 AM – PE732.842v02-00

• Reporting back to committee on the negotiations (Rule 74(3))

…

Further Meetings (calendar)

• Wednesday, 19 July, 9.00-12.30 and 14.30-18.30 (Brussels)
• Thursday, 20 July, 9.00-12.30 (Brussels)

Dossiers timetable (PDF) (5 July 2023)

IMCO Committee (Single Market)

Current Meetings

• none

Further Meetings (calendar)

• Monday, 17 July (Brussels)
• Tuesday, 18 July (Brussels)

Dossiers timetable (June 2023)

CULT Committee (Culture)

Current Meetings

• none

Further Meetings (calendar)

• Monday, 17 July (Brussels)
• Tuesday, 18 July (Brussels)

Further Parliamentary Calendar Dates

• CW 29 / Monday, 17 July to Thursday, 20 July: Committee Meeting Week (Brussels);
• CW 30 / Monday, 24 July to Thursday, 28 July: Green Week / Not in session;
• CW 31-33 / Monday, 31 July to Sunday, 20 August: Parliamentary recess;
• CW 34 / Monday, 21 August to Friday, 25 August: Green Week / Not in session;
• CW 35 / Monday, 28 August to Thursday, 31 August: Committee Meeting Week (Brussels);