Hello and welcome back to what I am now calling the Weekly Picks in European IT Law! p.s. no official name changes, it’s just for the show.
🤖 Artificial Intelligence
A Czech Court reportedl ruled an image created by the AI program DALL·E cannot be protected by copyright because it was not authored by a natural person. (a sad day for this blog) This case involved a claimant who used DALL-E to generate an image for their website, depicting a business contract signing in Prague. The image was later copied by a defendant law firm for its own use, leading to the copyright infringement suit. Czech Copyright Act requires the author to be a “natural person who created the work.” The court observed that the image, being an AI creation, did not result from the creative activity of a natural person, thus falling outside the scope of copyright protection under the Act. The judgment reflects a broader trend in European courts grappling with the legal implications of AI-generated content, noting that while the court did not dismiss the possibility of human authorship if substantiated by evidence, the claimant in this instance did not meet the burden of proof. This case emphasizes the need for users of AI-generated images to consider alternative protections like contractual agreements, as copyright laws may not offer recourse against unauthorized use.
🔏 Data Protection & Privacy
This week’s contending star: the EDPB’s opinion on “consent or pay” models. (You may remember that the models were under scrutiny) The Board concluded that such models often fail to meet the stringent consent requirements of the GDPR. The EDPB’s opinion was that valid consent under GDPR necessitates that it be freely given, specific, informed, and unambiguous. It highlighted the necessity for platforms to offer users a genuine choice between consenting to data processing for behavioral advertising or opting for an equivalent, non-paid alternative that does not involve such processing. The board emphasized that this alternative must provide similar functionality and quality, ensuring that users are not coerced into consenting due to financial deterrents or the absence of viable alternatives. The EDPB also stressed the importance of transparency and accountability, requiring that platforms clearly inform users about processing activities and make withdrawing consent as easy as giving it. Supervisory authorities were urged to enforce these principles rigorously, ensuring that platforms do not exploit their dominant market positions to undermine the fundamental rights of users. High standards over here. A highlight from the decision:
“Whether any fee imposed is such as to inhibit data subjects from making a genuine choice or nudge them towards providing their consent. In respect of the imposition of any fee to access the ‘equivalent alternative’ version of the service, controllers should assess, on a case-by-case basis, both whether a fee is appropriate at all and what amount is appropriate in the given circumstances, bearing in mind the need of preventing the fundamental right to data protection from being transformed into a premium feature reserved for the wealthy. This evaluation should be carried out in light of the requirements of valid consent and of the principles under Article 5 GDPR, in particular the fairness principle, and taking into account both possible alternatives to behavioural advertising that entail the processing of less personal data and the data subjects’ position.”
The EDPB set out its strategic focus for 2024-2027, emphasizing the consistent application and effective enforcement of EU data protection laws, particularly the GDPR. The strategy is built on enhancing cooperation among DPAs across the EU to manage challenges posed by new technologies like artificial intelligence, ensuring robust compliance mechanisms, and maintaining a human-centric approach in data protection practices. Key pillars include promoting global dialogue on data protection, fostering international cooperation, and supporting the development and implementation of practical tools for compliance, such as certification and codes of conduct. The strategy also focuses on integrating data protection requirements with other legislative frameworks within the EU, such as the Digital Services Package and the European Data Strategy, to safeguard personal data against the backdrop of rapid digitalization. Sounds fancier than is?
🛒 E-Commerce & Digital Consumer
Summary of the European Commission’s decision to not designate Apple’s iMessage as a gatekeeper under the Digital Markets Act (DMA), despite it meeting the initial quantitative thresholds for such classification, published in the Official Journal. This decision, derived from a comprehensive market investigation, found that iMessage does not serve as a crucial gateway for business users to access end users. Initially, in September 2023, Apple was identified as a gatekeeper for its App Store, iOS, and Safari browser, prompting a further examination of iMessage as a number-independent interpersonal communication service (NIICS). The investigation assessed iMessage’s impact based on user engagement and business utility within the EU. It concluded that iMessage’s usage, both in terms of monthly and daily active users, was significantly lower than other major messaging platforms like WhatsApp and Messenger. Moreover, business utilization of iMessage, particularly through Apple’s Messages for Business, was minimal, indicating a limited role in B2C communications. The findings highlighted that iMessage’s integration with SMS/MMS often leads to its unintentional use among Apple device users, further emphasizing its limited strategic importance as a business communication channel. Consequently, the Commission closed its investigation, ruling out iMessage as a significant business-user gateway under the DMA.
Another summary of the EC on DMA gatekeepers was published in the Official Journal: to designate or not to designate Microsoft as a gatekeeper for its core platform services: Bing (online search engine), Edge (web browser), and Microsoft Advertising (online advertising services). The EC concluded not. This decision was reached despite these services initially meeting the DMA’s quantitative thresholds for gatekeeper status. The investigation was spurred by Microsoft’s earlier designation as a gatekeeper for other services, prompting a reevaluation of these three services. The Commission found that Bing, Edge, and Microsoft Advertising do not act as significant gateways for business users to reach end users. For Bing, the decision was based on its relatively low end-user engagement compared to Google Search. For Edge, its limited use and reliance on Alphabet’s Blink rendering engine reduced its significance as a gateway. Microsoft Advertising was found to have a small scale and low business user engagement within the broader online advertising market. Thus, these services were not deemed crucial in connecting business users with end users, leading to the conclusion that Microsoft should not be designated as a gatekeeper for these specific services.
📄 Recommended Readings
Here’s a few –in no particular order– of recent publications that piqued my interest this week. Remember to grab a cuppa and settle in for some riveting reading.
Automated Decision-making and Artificial Intelligence at European Borders and Their Risks for Human Rights by Yiran Yang, Frederik Zuiderveen Borgesius, Pascal Beckers & Evellen Brouwer
Follow the (personal) data: Positioning data protection law as the cornerstone of EU’s ‘Fit for the Digital Age’ legislative package by Gabriela Zanfir-Fortuna
AI Act and Large Language Models (LLMs): When Critical Issues and Privacy Impact Require Human and Ethical Oversight by Nicola Fabiano
Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
So there you have it, folks – another week in the fascinating realm of IT Law. Remember to pop back next week for the latest it IT Law!
If you have any thoughts or suggestions on how to make this digest more enjoyable and informative, feel free to drop a line. Your feedback is always welcome!
Featured image generated using DALL·E 3.
