Category: eu

It’s customary for regulatory filings to preemptively declare a wide variety of possible future hazards, and in that spirit a recently-filed Meta financial statement cites a ruling by the EU’s Court of Justice (in July of 2020) voiding a U.S. law called the Privacy Shield (which Meta calls one legal basis for its current dara-transferring practices). Though courts are now determining the ruling’s ramifications, ITWire notes that “with the European General Data Protection Regulation (GDPR) well in force, the U.S. Privacy Shield principles were found non-compliant and consequently invalid.” So while that ruling affects every American company, including cloud companies like Google, Microsoft, and Amazon, it’s Facebook/Meta that “says stopping transatlantic data transfers will have a devastating impact on its targeted online advertisements capabilities.”

Read it yourself, in Meta’s own words:

“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on Standard Contractual Clauses [now also subject to new judical scrutiny] or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.”

Of course, the filing also cites other hazards like the possibility of new legislation restricting Facebook’s ability to collect data about minors, complaining that such legislation “may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions.”

And in addition, “We are, and expect to continue to be, the subject of investigations, inquiries, data requests, requests for information, actions, and audits by government authorities and regulators in the United States, Europe, and around the world, particularly in the areas of privacy, data protection, law enforcement, consumer protection, civil rights, content moderation, and competition…”

“Orders issued by, or inquiries or enforcement actions initiated by, government or regulatory authorities could cause us to incur substantial costs, expose us to unanticipated civil and criminal liability or penalties (including substantial monetary remedies), interrupt or require us to change our business practices in a manner materially adverse to our business, result in negative publicity and reputational harm, divert resources and the time and attention of management from our business, or subject us to other structural or behavioral remedies that adversely affect our business.”

(Thanks to Slashdot reader juul_advocate for sharing the story!)

The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right. IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it’s looking to reform the process and “submit the Framework for approval as a GDPR transnational Code of Conduct.”

According to Engadget, [I]t may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will “have major unintended negative consequences going well beyond the digital advertising industry.”

“European open-source cloud company Nextcloud does.”

Now, with a coalition of other European Union (EU) software and cloud organizations and companies called the “Coalition for a Level Playing Field,” Nextcloud has formally complained to the European Commission about Microsoft’s anti-competitive behavior by aggressively bundling its OneDrive cloud, Teams, and other services with Windows 10 and 11.

Nextcloud claims that by pushing consumers to sign up and hand over their data to Microsoft, the Windows giant is limiting consumer choice and creating an unfair barrier for other companies offering competing services. Specifically, Microsoft has grown its EU market share to 66%, while local providers’ market share declined from 26% to 16%. Microsoft has done this not by any technical advantage or sales benefits, but by heavily favoring its own products and services, self-preferencing over other services. While self-preferencing is not illegal per se under EU competition laws, if a company abuses its dominant market position, it can break the law. Nextcloud states that Microsoft has outright blocked other cloud service vendors by leveraging its position as gatekeeper to extend its reach in neighboring markets, pushing users deeper into its ecosystems. Thus, more specialized EU companies can’t compete on merit, as the key to success is not a good product but the ability to distort competition and block market access….

So, Nextcloud is asking the European Commission’s Directorate-General for Competition to prevent this kind of abusive behavior and keep the market competitive and fair for all players. Nextcloud is doing this by filing an official complaint with this body. In addition, Nextcloud has also filed a request with the German antitrust authorities, the Bundeskartellamt, for an investigation against Microsoft. With its partners, it’s also discussing filing a similar complaint in France.

Nextcloud is being joined in its complaint by several open-source, non-profit organizations. These include the European DIGITAL SME Alliance; the Document Foundation, LibreOffice’s backing organization; and the Free Software Foundation Europe (FSFE)… Numerous businesses are also supporting Nextcloud’s legal action. This includes Abilian, an open-source software publisher; DAASI, an open-source identity management company; and Mailfence.