Big surprise in store today, this weeks picks include a bit more e-commerce and a little less data protection and artificial intelligence. I’ve a feeling we’ve determined the main corners of our Bermuda Triangle from this day forth.
🤖 Artificial Intelligence
The European Parliament [published]() a new version of “What the Think Tanks Are Thinking” compilation. Summarising all would be impossible so I’ve picked (a little by chance, a little because I’m a sucker for fundamental regulation) “Effective AI regulation requires understanding general-purpose AI” by Brookings. The article discusses the challenges in evaluating and regulating the latest generation of AI models, like GPT-4, which are general-purpose and can be applied across a wide range of tasks, making their full scope of use and potential impacts currently unpredictable. Unlike traditional AI models designed for specific tasks, where adverse effects can be more readily identified and mitigated, the versatility of modern generative AI complicates the assessment of risks and biases. The lack of detailed information on how these AI models are being utilized in various contexts hinders the development of effective regulations and guardrails. To address this issue, the article suggests the need for better data on AI usage, which could come from government mandates for reporting AI applications in certain industries, research through surveys or interviews, and tech companies providing insights based on user interactions with their AI products. The rest is also a riveting read, so do check them out.
🔏 Data Protection & Privacy
The French Data Protection Authority (“CNIL”) published the English version of the 2024 edition of the practice guide for the security of personal data. The guide updates and expands the previous guidance to include new developments in data protection. This edition introduces five new factsheets focusing on contemporary issues like artificial intelligence, mobile applications, cloud computing, application programming interfaces, and data management security. The guide, structured into five parts with a total of 25 factsheets, aims to assist data protection officers, chief information security officers, computer scientists, and legal experts in implementing robust data security practices. It underscores the importance of appropriate technical and organizational measures to protect personal data, as mandated by the GDPR and French law since 1978. The updated guide reflects the evolving nature of digital threats and advancements in technology, making it a crucial resource for professionals responsible for securing personal data processing.
🛒 E-Commerce & Digital Consumer
The European Commission launched investigations into Alphabet (Google), Apple, and Meta for potential non-compliance with the Digital Markets Act (“DMA”), a mere few weeks after it entered into the compliance stage.The investigations aim to address concerns over fair competition and consumer choice in the digital market. The inquiries focus on Alphabet’s and Apple’s app store practices, which might limit developers’ abilities to offer alternatives to users, Alphabet’s possible self-preferencing in Google Search results, Apple’s restrictions on user choice regarding default services and software uninstallation, and Meta’s “pay or consent” model for user data. Additional probes into Amazon’s product ranking and Apple’s new app store fee structure are underway. These actions highlight the EU’s commitment to enforcing the DMA, aiming to ensure that large digital platforms operate in a fair and competitive manner, respecting user rights and promoting innovation. The outcome of these investigations could lead to significant changes in digital market practices, with the potential for fines and other remedies if the companies are found in violation of the DMA.
In a notable legal development, the Court of Justice overturned a previous decision by the President of the General Court, which had temporarily suspended the obligation for Amazon Services Europe to make an advertisement repository publicly accessible. This obligation comes under the Digital Services Act (“DSA”), following Amazon Store’s designation as a very large online platform. Amazon’s initial appeal for annulment and request for interim measures aimed at suspending this obligation, arguing it infringed on its fundamental rights to privacy and freedom of business conduct. However, the Vice-President of the Court of Justice found procedural flaws in how Amazon’s arguments were handled previously, notably that the Commission was not given a fair chance to respond. Upon review, it was determined that the potential harm to Amazon did not outweigh the public interest in achieving the objectives of the DSA promptly, particularly given the potential for very large platforms to affect the online environment. The ruling highlights the judiciary’s role in balancing corporate interests against regulatory goals aimed at protecting the digital environment and users’ fundamental rights, ultimately favoring the broader benefits of transparency and regulatory compliance over Amazon’s objections.
The Body of European Regulators for Electronic Communications (“BEREC”) issued an opinion on Meta’s draft reference offer for WhatsApp interoperability under the DMA. It particularly focuses on ensuring market contestability and reducing entry barriers for alternative Number-Independent Interpersonal Communication Services. Key aspects evaluated include the clarity and comprehensiveness of service descriptions, technical standards, and the facilitation of reachability and opt-in/opt-out mechanisms. BEREC highlights concerns over the adequacy of technical documentation, encryption protocol flexibility, and the necessity for explicit user consent under GDPR. It stresses the importance of well-defined service levels, KPIs, and data security measures to guarantee service quality and user protection. Additionally, the Opinion critiques the broad terms for service suspension and termination, suggesting they be narrowly defined and transparent. It also calls for detailed dispute resolution mechanisms, accessible technical support, and a balanced approach to updates and audits to foster equitable and effective interoperability. BEREC underscores the need for dynamic adjustment of interoperability conditions and transparent public availability of Meta’s reference offer, ensuring it caters to both current and future interoperability challenges while safeguarding user rights and fostering competition.
Meanwhile across the world, Australia’s eSafety Commissioner issued legal notices to key tech firms, including Google, Meta, X, WhatsApp, Telegram, and Reddit, demanding they detail their efforts to combat the spread of terrorist and violent extremist content online. This move is spurred by the role of social media in online radicalization and public safety threats, as evidenced by attacks in Christchurch, Halle, and Buffalo, and utilizes the powers of the Online Safety Act. The notices aim to understand how these platforms manage harmful content and their plans to address the misuse of emerging technologies like generative AI for extremist purposes. With Telegram, YouTube, and Twitter/X identified as leading platforms for such content, and Reddit noted for its part in radicalizing the Buffalo shooter, the inquiry highlights the need for greater transparency and accountability in the tech industry’s protective measures. The companies, also questioned on their strategies against child exploitation, have 49 days to respond, marking a significant step towards understanding and mitigating online extremism risks. Social media being grilled (their words not mine) all around the world, secretly satisfying.
📄 Recommended Readings
Here’s a few –in no particular order– of recent publications that piqued my interest this week. Remember to grab a cuppa (purely optional, strongly advised) and settle in for some riveting reading.
Copyright Content Moderation in the European Union: State of the Art, Ways Forward and Policy Recommendations by João Pedro Quintais, Christian Katzenbach, Sebastian Felix Schwemer, Daria Dergacheva, Thomas Riis, Péter Mezei, István Harkai & João Carlos Magalhães
Caveat Lector: Large Language Models in Legal Practice by Eliza Mik
Moral judgment of objectionable online content: Reporting decisions and punishment preferences on social media by Sarah Vahed, Catalina Goanta, Pietro Ortolani & Alan G. Sanfey
Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
So there you have it, folks – another week in the fascinating realm of IT Law. Remember to pop back next week for your latest dose of legal updates, served with a twist. Cheerio!
If you have any thoughts or suggestions on how to make this digest even more enjoyable, feel free to drop a line. Your feedback is always welcome!
Featured image generated using DALL·E 3.
