Europes fractured approach to digital regulation stymies fight against Big Tech – POLITICO.eu

When the EUs digital chief Margrethe Vestager meets Googles Sundar Pichai on Wednesday, you could forgive her for feeling smug.

Last week, a top EU court upheld her 2.4 billion fine against the U.S. search giant for boosting its own shopping comparison service over competitors in a ringing endorsement of her crackdown on tech power.

Secretly, Pichai may be smug too.

Its been almost a year since Vestager approved his companys acquisition of wearables company Fitbit and its troves of sensitive health data despite fierce pushback from privacy campaigners and concerns raised by Europes network of privacyregulators.

It wouldnt be the first time that her office has waved through a big data deal that causes privacy headaches later on, after Facebook reneged on promises it made when buying WhatsApp not to combine customer data across the platforms.

Now, Irelands data protection commission,which regulates the vast majority of Americantech companies under the EU data-protection rulebook,the GDPR,is being asked to weigh in on the Facebook/WhatsApp data sharing.

Data protection authorities are often left mopping up after other regulatory regimes have failed to act, said Daragh OBrien, a privacy consultant at Castlebridge.

The Irish privacyregulator whose chief, Helen Dixon, will be meeting with EU justice chief Didier Reynders on Wednesday a few doors down from Vestagers session with Pichai is no stranger to criticism.

Some of the sharpest criticism came after the Irish privacy regulator in Octobersaid it didnt have the authority to assess Facebooks contract with users to provide them with a personalized, advertising-funded platform.

In a draft decision that faced fierce opposition from privacy campaigners and even some fellow regulators (one said it would entail the end of data protection as we know it), the Dublin regulator said that while Facebook had failed to be sufficiently transparent with users about its privacy policy proposing a fine of up to 36 million it was ultimately up to consumer and competition authorities to determine whether that contract was fair.

When contacted by POLITICO, the competition authority said it hadnt received a copy of the draft decision,which had been published by the privacy campaigners behind the complaint.Besides,the Irish trustbusterdidnt have the authority to weigh in on the privacy regulators decision, it said.

The case highlights how even some of the most widespread practices by tech companies can fall between the cracks in Europes digital regulatory frameworks.

It's an issue that threatens to derail the 27-member bloc's fight against Big Tech and one it should bear in mind as it drafts sprawling new rulebooks meant to police online content and digital competition.

The Irish privacy regulator may have been wise to stick to its lane. In other cases where regulators have tried to bridge the divide between regulatory regimes, they have been shot down. In 2019, the German competition authority working in close tandem with privacy regulators ruled that Facebooks data collecting and combining were an abuse of market power.

But the German competition decision faces legal challenges and currently sits with the EUs top court, which has been asked to decide whether the authority went beyond its remit in using data-protection law to enforce trustbusting measures.

Other attempts to join up different digital regimes are proceeding more cautiously.

The EUs in-house privacy regulator, the European Data Protection Supervisor, began discussing increased cooperation between digital regulators back in 2013, forming the Digital Clearinghousein 2016 to bring together agencies from the areas of competition, consumer and data protection willing to share information and discuss how best to enforce rules in the interests of the individual.

But the Digital Clearinghouse quickly became ensnared in legal issues around how much regulators across different disciplines and countries could actually cooperate, and now operates mainly as an academic-led think tank.

Experiences across the Channel may point the way forward.

In 2020, the U.K. data protection, competition and media regulators formed the Digital Regulation Cooperation Forumto tighten cooperation on online regulation. Despite the cumbersome name, the body has gotten off to a promising start, announcing a detailed work program in March 2021, and bringing in the financial regulator shortly thereafter. The forum also has full-time staff, and it poached a Google executive earlier this month to become its chief executive.

The British regulators now work hand-in-hand on various topics, including a sprawling investigation into Googles online advertising empire.But it's not foolproof, as the country's regulatorrecently approved Facebooks deal to buy Kustomer, a software company sitting on troves of personal data, without any input from the data protection authority.

Arrangements like this could become more commonplace. In October, the Dutch privacy, competition and media regulators announced a similar arrangement. Across the Atlantic, the powerful U.S. Federal Trade Commission under new boss Lina Khan is looking to marry different strands of its large remit in a bid to strike at the heart of Big Techs business models.

Brussels' proposed new digital rules also hint at bridging the divide.

The European Commissions draft Digital Markets Act introduces prohibitions on combining personal data from several sources without seeking the users consent as well as obligations to "refrain from using, in competition with business users, any data not publicly available, which is generated through activities by those business users.

There is a hope that such joined-up thinking could avoid cases like Irelands Facebook decision, that seemingly fall into a legal no mans land.

Regulation of data needs the intervention of different authorities, and what we miss in Europe is a coordination mechanism among authorities, said Alexandre de Streel, academic co-director at the CERRE think tank.

As the EU's in-house privacy regulator Wojciech Wiewirowski puts it: "We need a common framework."

Want more analysis from POLITICO? POLITICO Pro is our premium intelligence service for professionals. From financial services to trade, technology, cybersecurity and more, Pro delivers real time intelligence, deep insight and breaking scoops you need to keep one step ahead. Email [emailprotected] to request a complimentary trial.

See original here:

Europes fractured approach to digital regulation stymies fight against Big Tech - POLITICO.eu