Article  | 

The European Union wants to strengthen its data protection law, alarmed by the power of technology


Reading Time: 11 minutes

The countries of the European Union, and especially France and Germany, have decided to reinforce the DSA and DMA bills of the European Commission to ensure that the data and digital information generated in Europe do not leave their borders through the services in the cloud of big technology. The alarms have risen now that it has become public that the US intelligence services freely spied on top European personalities through the Danish intelligence service between 2021 and 2014. China has solved the problem of information leaks by forcing that the databases that foreign firms have are operated and managed by a Chinese state company, which Apple has uniquely accepted to maintain its business, which is creating a strong commotion in the United States. Meanwhile, Russia will regulate Google and Twitter services to prevent information contrary to the Kremlin from being broadcast, while Facebook and other social networks are increasingly questioned in the United States.

The growing use and dependence of telecommunications operators and public and private companies on cloud-based services offered by large technology companies, especially the American companies Amazon Web Services (AWS), Google Cloud and Microsoft Azure, is of increasing concern. more to the governments of the European Union, because they are unable to stop the leaks of all kinds of information, likely to cause commercial benefits to those who provide the service or damage the competition.

The European Commission released on December 15 its rules to control the technological giants, the two bills DSA and DMA. At the meeting of the Competitiveness Council on May 27 in Brussels, the ministers responsible for the internal market and industry of the European Union addressed the content of the two proposals for the first time and decided that the wording should be “reinforced” and “ completed ”so that the proposed objectives could be met and made more“ effective ”.

The European Union wants to reinforce the legislation that requires that all the information contained in European servers does not leave Europe, although it does not know very well how to achieve it so that it is really effective

The progress report prepared two weeks before the Council meeting already raised the need to create a more secure digital space, but at the meeting it was clear that the measures initially envisaged in the proposal should be much tougher. France, together with Germany and the Netherlands, proposed seven measures to “strengthen the WFD”, among them that the so-called systemic platforms could be investigated and regulated in advance (ex ante).

According to the text leaked to the Financial Times, the improvement proposal considers that the criteria set out in the DMA for a platform to be considered systemic are too generic and rigid and should be much more operational and flexible. The acquisitions that the platforms can make must have very clear criteria and totally adjusted to the law to be approved. The aim is to prevent a platform from acquiring a start-up that has a low turnover but has a lot of value, as has already happened in the past, with the possibility that the Commission will act preventively.

Another point that is considered very important is to complete the “country of origin rule” to make the DSA more effective. It is intended that the Commission or another regulatory authority other than the European country where the platform has the registered office can also act, to avoid that Ireland or another country where the headquarters of the technology is located is the only one that can decide or delay the process, as has also happened. In case of conflict with the instructions given by the country of origin, you want to have the right to arbitration.

France also wants the large platforms to notify the Commission of all the companies they are going to acquire. The Commissioner for the Internal Market, Thierry Breton, also referred at a press conference to a new version of the code of conduct against disinformation, to encourage platforms to put an end to the advertising revenue of the authors of illegal or undesirable content (to the left in the top photo, next to Pedro Siza, Minister of Economy and Digital Transition of Portugal, who acted as President of the Council).

View of the meeting of the Competitiveness Council last Thursday in Brussels.

In mid-June, the Portuguese Presidency is expected to present its compromise legislative proposal to the European Council, so that the trialogue between the Commission, the Member States and the European Parliament begins with the amendments proposed at the meeting of the Council of Competitiveness France hopes to obtain an agreement during its presidency of the European Council, in the first half of 2022, but it is well aware that these are very “sensitive” issues and with many discrepancies between the countries of the Union. On behalf of France, Cédric O, current Secretary of State for Digital Affairs, realistically assured that at least “there is consensus that something has to be done” and that it is an issue “of political and democratic urgency.”

America spied through Denmark

Complications to prevent unwanted information leaks are happening at an accelerated pace. The day before yesterday Sunday, an extensive investigation of the Danish public television, DR, to which several media outlets have had access, revealed that an internal report by the Danish intelligence services showed that the US National Security Agency (NSA) had spied on high-level political figures between 2012 and 2014 using submarine telecommunications cable listening systems. Under an agreement with Denmark, the NSA had access to the wiretapping systems.

Among those spied on were several German, French, Norwegian and Swedish parliamentarians and senior officials, including Angela Merkel and various members of the Chancellor’s party and the German opposition. The secret 15-page report, titled Dunhammer, claims that the NSA has taken advantage of its agreement with Denmark to spy on allied countries, with the complicity of Denmark, or at least its naivety. The NSA declined to comment, and the Danish Defense Minister, Trine Bramsen, limited herself to saying “that systematic listening from close allies is unacceptable,” as Le Monde echoed yesterday evening.

That Angela Merkel had been spied on from the US embassy in Berlin was known from documents leaked by Edward Snowden in 2013. But then-US President Barack Obama had promised Chancellor Merkel that all wiretapping would cease, which which it has been seen that it was not done and they have continued, at least until 2014 through Denmark. In August 2020, the entire Danish intelligence staff, FE, was fired but its director was appointed ambassador to Berlin, presumably to continue collaboration with the NSA, says the Le Monde article.

Apple has preferred to be conciliatory with the Chinese government and not put its lucrative business in China at risk, even at the cost of reneging on its principles of privacy of the information on its devices and databases.

What is clear is that the intelligence services of the allied countries are suspicious of each other and the relationship between different “state sewers” is unknown to most of the top government officials. This episode only aggravates the strong suspicions that different European countries have that the US intelligence services take advantage of the information contained in the servers of the big US technology companies to spy on their allies on the European continent. In fact, technology companies have an obligation to provide the NSA with the information they request, under the Cloud Act.

For this reason, both France and Germany are especially interested in having “trusted clouds” and France has even created a security certificate to make the clouds safe or, at least, to try, in view of the situation they are in. espionage networks, even between countries declared friends. For the experts, it will be very difficult, if not impossible, to restore a minimum climate of mutual trust on both sides of the Atlantic, especially when Joe Biden does not seem to want to do anything for now to reverse the systems of espionage to allies that worked in times of previous American presidents.

In the midst of all this mess, Bundeskartellamt, the German antitrust body, opened last week an investigation into Google on the dominance position of Alphabet, Google’s parent company, in several of its products, in addition to those already practiced on Facebook and to Amazon. On the one hand, it will be investigated if the company has a significant part of the market with the search engine of Google, YouTube, Google Maps, Android and Chrome. On the other hand, if the terms and conditions of the data processing practiced by Alphabet are fair or the data of different third-party services and applications are crossed to, for example, favor Google’s advertising services over the competition.

The Bundeskartellamt has been investigating Facebook since 2019 and the matter is now in the hands of the European Court of Justice, but the procedures are desperately slow, appeals filed separately. For this reason, it is desired that the DSA and DMA can be investigated in advance, “ex ante”. Instead, according to The Wall Street Journal last week, Google is close to reaching an agreement with France and accepting that it has abused its dominant position in advertising services and paying a fine.

The same financial newspaper assured a day before that the European Union will very soon open a formal antitrust investigation with Facebook, the first of its kind. In 2017, the European Union fined Facebook 110 million euros for having provided misleading information during the review of the WhattsApp purchase process. In any case, it is doubted that these investigations will serve to tackle the problem with technology, as demonstrated by the decision in mid-May of the European General Court to force Luxembourg to return 250 million euros in taxes to Amazon, as requested by the European Commission. The judges understood that the European Commission and Luxembourg had previously reached an agreement on state aid.

Last year, Ireland was also forced to return to Apple 14,300 million euros in taxes when the European Commission order was revoked by the judges. The vice president of the Commission and in charge of these competition issues, Margrethe Vestager, assured that “a historic global agreement is close to being reached to reform the international corporate tax framework.” For the commissioner, recent court decisions confirm the need for national tax laws to be in line with the state aid rules of the European Union.

Apple bows to China’s dictates

The one who has no problem with information leaks is China. Apart from the fact that it has built a digital wall that makes its Internet insurmountable if it does not grant explicit permission, all databases that foreign companies have in Chinese territory are forced to give up all control and management of the information of the companies. databases to a Chinese state-owned company, according to a law passed in November 2016. This law requires that “all personal information and important data” collected in China must remain in China. Otherwise, the foreign company will simply not be able to operate in China.

On May 17, the New York Times published the result of an extensive report in which he revealed that Apple will complete this June a huge data center near Guiyang, in a poor region in southwestern China, and another in the Inner Mongolia region to host all the personal data of its customers in China and its cloud and e-commerce services such as iCloud. Apple’s iCloud service enables its customers to store most of their sensitive customer data, such as personal contacts, photos, and emails in the company’s data centers and back up all information stored in a iPhone or Mac computer, as well as the location of the users of Apple devices.

According to the US newspaper, Apple’s team in China alerted Apple’s chief executive officer, Tim Cook, that China would shut down the iCloud service in his country if it did not comply with Chinese cybersecurity law. Therefore, “Mr. Cook agreed to move all the personal data of his Chinese customers to the servers of a Chinese company controlled by the State, “says the New York Times, which has led to the project known internally at Apple as” Golden Gate “, the construction of the two large data centers.

Apple encrypts all the data stored in the iCloud, but it has the keys to access this information, which it has given to the Chinese authorities. At first, when the Chinese cybersecurity law came into force in June 2017, the location of the keys to decrypt the information was a vague topic, but now it is clear that the Chinese government has full access to all the information stored in iCloud , according to documents investigated by the New York Times. It so happens that Apple has always maintained that its customer data was completely safe. He even denied the powerful FBI access to the information on an iPhone of a terrorist involved in the killing of 14 people in San Bernardino, California, on December 2, 2015.


Now, it is clear that for Apple, business is above any other consideration, such as information privacy, and that Apple is not willing to give up its lucrative business that it maintains in China, even if it comes at the cost of reneging on its more principles. jealously guarded. As Jack Nicas, one of the reporters of the New York Times article in later reports, says, “We knew that Apple had moved user data from Apple devices within the borders of China and that it had removed applications at the request of the Chinese authorities, but until now we did not know the degree of acquiescence of Apple to the demands of the Chinese Government in both cases ”. In two years, Apple has removed 1,217 apps from its Apple Store, the newspaper says.

Data center that Apple is building in Inner Mongolia, published by NYT via Google Earth.

Naturally, Apple’s attitude towards the Chinese government, at least ambiguous and too conciliatory, has sparked lively controversy in the United States. Several human rights organizations have denounced Apple’s “double standards”. Yaqiu Wang of Human Rights Watch has commented that “these revelations ridicule Apple’s image as a white knight of privacy.” Apple assures that “much of the information in the newspaper article is incomplete, erroneous or not current” but, for Amnesty International’s Nicholas Bequelin, it is hard to believe Apple with the business at stake and the strength of Beijing’s laws . For Wang, “the physical control of Apple servers by the Chinese government is a fundamental threat.”

The theme illustrates that, for Apple, the Chinese market is fundamental and more important than ever. Between October 2020 and March 2021, Apple has invoiced in China 39,000 million dollars, 19.42% of its turnover. Apple has a share of close to 20% of the Chinese smartphone market and the iPhone 12 sells very well, despite its very high price for the Chinese consumer. In addition, the vast majority of Apple products are manufactured and assembled in China, especially through Foxconn.

Apple is one of the few companies that is doing great business and has been successful in China. Google withdrew in 2010, Facebook hardly had any account in China, and Amazon cut back in 2019, unable to compete with Chinese e-commerce giants such as Alibaba. According to experts, Apple has only two options: stay in China and face all the consequences that this entails or withdraw completely. At the very least, they consider, it should be more transparent and detail all the applications it has withdrawn and inform the Chinese of the possibilities they have to protect data with Apple devices and tools, if there are any.

Tesla has also bowed to Chinese lawsuits, although its case is not comparable to Apple. The Chinese authorities prohibited Tesla from storing the data of the movements of its vehicles, because it did not want them to be a reason for espionage of its users, some of them high Chinese officials, and has ceded all control and management of its databases China to continue to sell its electric cars in China.

Russia has also aimed to shut down the Internet to the bone. As the Financial Times also assured last week, it has forced the closure of an obscure YouTube channel, Tsargrad TV, which is considered to be the version of the Russian Orthodox Church to Fox News, the American conservative channel. The Russian-language news channel has some presenters who are archbishops, such as Andrei Tkachev, (in the image above, taken from a still from Tsargrad TV published by FT) and who makes comments that deviate from the official line of the Kremlin.

The owner of the channel is Konstantin Malofeev, sanctioned by the United States and the European Union since 2014 for his ties to Russian-backed separatists in Ukraine. For years, Google has paid Tsargrad TV in the order of $ 10,000 a month for the publicity generated, until Moscow has ordered its closure. Now, Google’s entire business in Russia is in question and what it has paid is subject to litigation, with the possibility that it will have to pay multi-million dollar fines. The last few weeks have been intense in terms of the future of the information hosted on the servers and its control, at a time of boom in cloud services that European operators hire large technology companies, will be the subject of the next article in this section.