“Our common ambition is to make Europe a true digital power in the world,” declared European Commission president Ursula von der Leyen, marking the beginning of France’s European Union (EU) presidency. Europe, French president Emmanuel Macron announced, should not be “rule-takers, dependent on others,” but “should define our own rules for the digital world.”
Europe is having its moment in the digital sun. Having so far failed to nurture digital champions like Facebook and Google in the United States or TikTok and Alibaba in China, Europe instead has concentrated, with gathering energy, on regulating the digital world. The EU’s data protection regime has become the dominant global standard, and Big Tech firms have faced historic fines from European regulators in competition cases.
But Europe isn’t done. With new regulatory initiatives in the pipeline on competition and online content, ongoing negotiations with the United States on data transfers, and increasingly vocal support for European digital sovereignty, 2022 is shaping up to be a crucial year for Europe’s digital agenda—and for its impact across the Atlantic.
Watch the TTC
2022 will be the “make or break” year for the U.S.-EU Trade and Technology Council (TTC). The TTC, launched as a venue for building transatlantic cooperation on a range of tech and trade issues–including the challenges presented by digital authoritarians such as China—has the potential to galvanize U.S.-EU cooperation on a broad range of tech and trade issues. After a successful September 2021 launch in Pittsburgh, Pennsylvania, the next meeting—likely in the first half of 2022 in France—has still not been scheduled. The third meeting of the five co-chairs (commission vice presidents Margrethe Vestager and Valdis Dombrovskis for the EU and secretaries Antony Blinken and Gina Raimondo as well as U.S. trade representative Katherine Tai for the United States) is expected in the second half of 2022 in the United States.
The Pittsburgh meeting amply demonstrated the commitment of the co-chairs to the TTC and laid out the scope of issues to be discussed by the ten working groups. But for that commitment to endure, the TTC must produce concrete results during the next two meetings. If it does not, it will risk being branded a mere “talk shop” and interest by high-level leaders is likely to wane. Moreover, the support of U.S. corporate stakeholders will erode if the TTC does not address some of their concerns about pending EU legislation on platforms, artificial intelligence (AI), data governance, and other issues.
The Pittsburgh meeting made progress by identifying four priority areas of cooperation: export controls, investment screening, supply chains (especially for semiconductors), and AI. Reports indicate that the working groups are still figuring out what might be possible ahead of future talks, such as if and how to establish formal information-sharing mechanisms for export controls and investment screening. The spring TTC meeting should demonstrate progress by presenting deliverables in at least three of these four areas. The TTC could go further by presenting jointly agreed definitions and guiding principles for policies related to AI and supply chains.
Keep an Eye on the DMA
The three-letter acronym for the Digital Markets Act (DMA) has been the bogeyman of Big Tech for much of 2021 and will likely materialize in 2022.
Much of the early focus in the EU will again be on the fate of the DMA, a wide-ranging proposal introduced by the commission last year, with the stated aim of creating fairer and more contestable digital markets. After the European Parliament and member states (European Council) agreed on their respective DMA negotiating mandates at the end of 2021, action now has moved to the so-called trilogue, where these co-legislators will try to hash out their differences.
While the positions of the parliament and the council largely align, important differences still remain. One of them concerns what constitutes a “gatekeeper,” the term for a company deemed to have a dominant hold on a market and therefore qualifying for more far-reaching regulatory control. Compared to the commission’s proposal, the parliament favors an increase in the quantitative thresholds (i.e., yearly turnover and market capitalization requirements) that a company would need to meet, while also expanding the DMA’s exhaustive list of core services that would be covered. The council’s position on this issue is closer to what the commission originally proposed.
DMA is not the only legislation on the horizon. The European Parliament finalized its version of the Digital Services Act (DSA), a sister law to the DMA that would reform Europe’s online content and transparency rules, on January 20. Both bills have sparked considerable concern among Big Tech about their operations in Europe.
In their current forms, DMA and DSA will have a major impact on U.S. Big Tech firms identified as gatekeepers, and those whose business models rely on online advertising. The package would set rules controlling their use of user data for commercial purposes, ban self-preferencing (for example, through pre-installed, unremovable apps), and potentially force the use of “sideloading” (downloading from third-party stores).
The proposed rules have caused a stir among U.S. and EU officials, too. Over the summer, the Biden administration spoke out against the perceived protectionist thrust of the rules that largely target U.S. firms. And European commissioner Thierry Breton returned fire accusing Commerce Secretary Gina Raimondo of lobbying on behalf of U.S. Big Tech firms.
Because it holds the rotating EU presidency in the first half of 2022, France will be responsible for driving the trilogue on DMA toward a successful outcome and advancing the DSA in that direction as well. Adding a wrinkle to the trilogues is the fact that France will also be in the middle of a presidential election. Its goal is to reach a deal on the DMA before the first round of presidential elections in early April. Even if that timeline slips, the expectation is that the DMA–despite U.S. objections—will be adopted before the end of June.
What About Data Flows?
A much-anticipated, new agreement on how the U.S. government would protect personal data transferred from the European Union in the commercial context proved stubbornly elusive in 2021, but it should finally be concluded in the next few months. Data flows are crucial for the roughly $1 trillion exchange of goods and services between the United States and EU each year, with information and communications technology (ICT) services trade valued at around $264 billion in 2020. Until a successor to the invalidated Privacy Shield Framework is found, transatlantic data transfers are in a precarious position.
A key sticking point has been the Biden administration’s refusal to consider asking Congress to change foreign surveillance laws to grant additional privacy protections for Europeans. Nonetheless, the U.S. president will have to make comparable changes through executive action, a legally novel and complex maneuver. Whether a revised Privacy Shield agreement will stand up to skeptical scrutiny by the European Court of Justice—which has struck down two predecessor frameworks in the past six years—is a question haunting negotiators on both sides.
Sharing the transatlantic spotlight with the continuing dispute over personal data transfers will be a new EU regulatory focus on non-personal data. In late 2021, the EU took the first step in this direction. It quietly finalized the Data Governance Act (DGA), a regulation aimed at enabling companies to reuse public sector data such as health or environmental data, consistent with privacy and intellectual property rules. Internal Market Commissioner Breton pressed for the law after the pandemic revealed the lack of a legal framework for hospitals to obtain Covid-19 related data for research purposes.
In February, the European Commission should introduce an even more consequential companion bill. The Data Act would create rules to facilitate industrial data sharing, such as that generated by smart devices or sensors on machinery. Currently, individual companies tend to guard this data closely for their own exploitation, but the commission points out that as much as 80 percent of it could be profitably reused across industrial sectors. U.S. companies are increasingly concerned about the commission’s intention to include in the Data Act, as it did in the DGA, strict controls on international data transfers modeled on those of the General Data Protection Regulation (GDPR). Breton has made clear that he aims to create a European market for the data generated by the continent’s leading industrial companies, to be a strong competitor against U.S. firms who currently dominate this area.
Digital Sovereignty under French and Czech EU Leadership
As the French government takes over the rotating council presidency, it is mounting a push for Europe’s digital sovereignty that won’t be welcome in Washington, DC, or Silicon Valley. Macron has made clear that digital policy will be a big priority for his country’s presidency. While France’s Minister for Digitalization Cédric O, speaking to an Atlantic Council audience, claimed DMA “is not an anti-American text,” there is little doubt that France is a leading proponent of reining in predominantly American Big Tech to ensure that Europe’s tech sector is not dominated by foreign firms, whether of Chinese or U.S. parentage. Recent French moves to limit non-EU ownership of cloud services and talk of applying GDPR-like restrictions on transfers of industrial data are only two indications that France views digital sovereignty as key to Europe’s digital future.