Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“Our identities can be basically stolen and our data can be misused.”
– Dávid Kardos, accredited parliamentary assistant (APA) for MEPs Anna Donáth and Katalin Cseh in an email to the Accredited Parliamentary Assistants Committee about the data breach.
Story of the week: Identity cards, passports, excerpts of criminal records, and work experience documents were among the personal data of European Parliament employees compromised in a data breach, according to an internal email sent on Wednesday and seen by Euractiv. The breach took place at the start of 2024 and was confirmed on 25 April. On Wednesday, a new email, sent by the PEOPLE application team and seen by Euractiv, detailed to individual employees which documents uploaded in the PEOPLE app were part of the breach. In the emails seen by Euractiv, almost all the uploaded documents were listed as being affected. Read more.
Don’t miss: A new European Tech Deal. Ahead of June’s EU elections and a new European Commission, France and Germany are looking to set the agenda with a joint paper calling for the adoption of a European Tech Deal and forceful reforms to slash red tape. The two countries are looking for a deal to “accelerate digitalisation across industries.” For Paris and Berlin, that means backing the EU’s recently-enacted digital rules, designed to tackle the near-monopolistic rule of US tech giants like Meta or Apple. Read more.
Also this week:
- New Caledonia weighs heavy as French Senate approves bill on foreign influence
- Meta removes Facebook account of Slovak PM’s alleged shooter
- French government announced several measures for its homegrown AI companies, says Europe must learn to innovate before regulating
- Multiple disinformation narratives spreading around the Fico assassination attempt
- Commission “compels” Microsoft to provide information on Bing and generative AI
- Online travel agencies file complaint against Ryanair, alleging breach of the EU’s data protection law
Before we start: If you’re looking for more tech analysis, tune in to our weekly podcast:
Artificial Intelligence
Microsoft under more pressure. The European Commission has moved to “compel” Microsoft to provide information about generative artificial intelligence (AI) risks on its Bing search engine, threatening it with a fine, according to a statement last Friday. The Commission suspects violations of the Digital Services Act (DSA), stemming from risks posed by Bing’s generative AI tools. If Microsoft does not provide the information by 27 May, the Commission may impose a fine of up to 1% of the provider’s total annual income, the statement said. Read more.
Paris boosts AI companies. French President Emmanuel Macron and Economy Minister Bruno Le Maire have announced several initiatives to bolster artificial intelligence in France and Europe, saying the bloc “must learn to innovate before regulating. […] Europe is in a state of economic lethargy; it must be awakened,” Le Maire said. Read more.
News Corp-OpenAI agreement. OpenAI signed an agreement with News Corp to bring content from the Wall Street Journal, the New York Post, The Times, and The Sunday Times to its AI model. The deal, which includes access to both current and archived content, follows similar agreements with the Financial Times and Axel Springer, the Guardian reported. Unlike publications like The New York Times, which is suing OpenAI over copyright issues, News Corp sees this partnership as a positive step for journalism.
DMA and AI. The High-Level Group for the Digital Markets Act (DMA) emphasised in a statement on Wednesday the need for coordinated regulation of AI, highlighting the new AI Act, which addresses risks and promotes innovation. Composed of bodies like BEREC, the European Data Protection Supervisory (EDPS), and others, the group stresses lawful data use and fair competition, noting AI’s benefits and risks, such as bias and misinformation. The DMA’s obligations for gatekeepers integrating AI ensure market fairness. According to the statement, ongoing collaboration will focus on aligning AI development with DMA objectives and other regulatory frameworks, emphasising areas like cloud services, data access, and fundamental rights.
Scarlet Johansson vs OpenAI. The Hollywood actress claims her voice may have been used in ChatGPT’s “Sky,” citing discussions with the company’s CEO, Sam Altman. The CEO is a fan of the film Her, in which she voiced an AI assistant that the main character falls in love with. Johansson turned down an offer for her voice to be used in OpenAI products. Altman said that the voice actor for “Sky” was selected before any discussions with Johannson.
Foundation models and transparency. A Foundation Model Transparency Index published this month by Stanford University evaluated transparency among foundation model developers. Fourteen developers improved their transparency scores, with the average rising from 37 to 58 since October 2023. The highest score was 85 for StarCoder. OpenAI’s GPT-4 and Google’s Gemini 1.0 ranked among the lowest.
Microsoft’s screenshots. The UK’s Information Commissioner’s Office (ICO) is investigating Microsoft’s new Recall feature, which takes screenshots every few seconds on Copilot+ PCs, BBC reported on Tuesday. Despite being an optional, privacy-focused feature with local storage, privacy campaigners worry it could be a “privacy nightmare.” Microsoft asserts that Recall users control what is captured and that the data is secure, the article reported.
Competition
UK competition authority will not investigate Microsoft-MistralAI partnership. The Competition Markets Authority decided last Friday to close its merger inquiry investigation into the deal between US tech giant Microsoft and French AI startup MistralAI. According to the competition authority, the partnership “does not qualify for investigation under the merger provisions” of UK law.
Data & Privacy
French Senate’s foreign influence bill. The ongoing tensions in France’s overseas territory of New Caledonia weighed heavily in a debate at the French Senate on Wednesday, where Senators strengthened and approved a bill on foreign interference. The bill includes a measure to expand the scope of algorithmic surveillance of the population. Put in place in 2015 in the wake of the terrorist attacks, algorithmic surveillance has until now been limited to counterterrorism. The provision allows intelligence services to use algorithms to comb through telecommunications metadata to detect and counteract such threats of foreign interference. The bill also establishes a national register of agents working in foreign influence operations and includes provisions for freezing the financial assets of individuals or entities involved in specific foreign influence activities. Read more.
Law enforcement
Constitutional Council censors part of the French digital umbrella law SREN. A controversial disposition of the SREN law, which introduced special penalties for online offences, was censored by the Constitutional Council last Friday. The Council said the measure would have been contrary to the freedom of expression. The law was promulgated without the disposition on Wednesday. As the law received two reasoned opinions by the European Commission during its legislative procedure, a future decision from the Commission could be expected, although the French state decided not to notify the law a third time to the Commission, considering that lawmakers had changed the law coherently to the Commission’s demands.
Commission opens 18 infringement procedures for non-compliance with Data Governance Act. On Thursday, the European Commission announced it had opened infringement procedures against countries which did not designate responsible authorities to implement the Data Governance Act, a legislation facilitating data sharing across sectors. These include notably Germany, France, Italy, Poland, Belgium, Sweden, Austria, and the Czech republic. The Data Governance Act has been applicable since September 2023. The 18 member states now have two months to designate their authorities, otherwise the Commission will issue reasoned opinions.
Media
Fico assassination and disinformation. Minutes after the assassination attempt on Slovakia’s populist Prime Minister Robert Fico last Wednesday, disinformation about the incident was spreading on social media, reflecting the country’s and the world’s fractured information landscapes. EU Commission officials told a briefing last Thursday they are monitoring the situation “quite closely,” including with external resources. The Commission is looking into the effectiveness of community notes at fighting disinformation surrounding the Fico assassination attempt, in line with an investigation announced in December 2023, an official said. Read more.
Platforms
Complaints against Ryanair. A European travel tech industry group filed two separate complaints on Tuesday to French and Belgian data protection authorities over Ryanair’s use of biometric data, according to a press release shared with Euractiv. The EU Travel Tech association, which counts Airbnb, Booking.com, Expedia, eDreams, and Skyscanner among its members, alleges that Ryanair has violated the EU’s key data privacy legislation, the General Data Protection Regulation (GDPR). “Ryanair’s biometric verification process violates the principles of lawfulness, fairness and transparency required by the GDPR,” the press release said. It called for a fine on the Dublin-based low-cost airline and an immediate halt to Ryanair’s biometric data processing until data protection authorities rule on their complaints. Read more.
Facebook account of Slovak PM’s alleged shooter removed. Shortly after last week’s assassination attempt on Slovak Prime Minister Robert Fico, Meta took down the Facebook account of the shooter, the tech giant confirmed to Euractiv on Wednesday. Meta classified the incident as a violation of its content moderation rules immediately after the shooting on 15 May. Under the rules, content that glorifies or represents the shooting or the perpetrator must be removed. Meta told Euractiv that no one else was involved in the removal of the perpetrator’s account. Read more.
Spotify and elections. On Tuesday, Spotify launched the “Play your part, Europe!” campaign to encourage voting in the upcoming EU Parliament elections. EU users over 18 will receive in-app messages reminding them of the election, along with links to a playlist featuring songs from EU artists.
TikTok and covert influence. TikTok’s new report, published on Thursday, details their efforts to detect and disrupt covert influence operations to maintain platform integrity. It promotes transparency by sharing information on these activities. Updates on networks disrupted before January 2024 are in their quarterly Community Guidelines Enforcement reports, with new updates starting in May 2024. Key points include the geographic origin of networks, detection sources, the number of followers of these networks, and ongoing enforcement against accounts linked to previously disrupted networks or displaying similar behaviour.
France’s State Council sees no reason to “urgently” react to government’s TikTok ban in New Caledonia. In the wake of the violent riots which erupted on the archipelago of New Caledonia, a French overseas territory in South Pacific, the French government decided to ban TikTok on 15 May, as part of the state of emergency measures. As an overseas territory, EU law does not apply to New Caledonia, which would have impeded France to ban TikTok. The decision was soon challenged by several not-for-profit organisations, New Caledonian individuals and lawyers, including digital rights organisation La Quadrature du Net and human rights organisation La Ligue des Droits de l’Homme. Yet, this Thursday, the State Council decided not to suspend the ban as the claimants did not manage to demonstrate the ban had “concrete and immediate consequences” on their interests, as other social media, the press, TV, and radio remained open.
Entry into force of Digital Identity Regulation. The new European Digital Identity Regulation came into effect on Sunday, setting the stage for a European Digital Identity Wallet by 2026. This mobile app will enable secure online identification for EU citizens and residents to access services across Europe and promises enhanced data control and privacy, facilitating actions like sharing digital documents and making payments.
Telecom
Telecommunication ministers adopt future of cybersecurity conclusions. During the Telecommunications Council on Tuesday, EU ministers adopted conclusions on the future of cybersecurity, which call for the implementation of EU cybersecurity legislation and supporting SMEs, which will have to comply with the new rules. They also highlighted the need for adequate funding to attract private capital for EU entities active in cyber.
“Main priorities” in digital policy for the next legislative cycle. During the same Telecommunications Council on Tuesday, EU ministers adopted conclusions on the future of EU digital policy, underlining the need for “an effective, coherent and efficient implementation” of recently adopted digital regulations. The conclusions also recall the need to link the digital transformation with the ecological transformation, bridge the digital divide and ensure a secure and resilient digital infrastructure across the EU.
Largest telecom operators’ organisation competition call. ETNO and GSMA published a call on EU ministers on Tuesday, ahead of the Telecommunications and Competitiveness Council this week, to reiterate their support for Enrico Letta’s high-level report recommendations on the industry. As previously reported by Euractiv, Letta’s report aligns with views of major telecoms companies on market integration.
What else we’re reading this week:
Scarlett Johansson’s AI row has echoes of Silicon Valley’s bad old days (BBC)
Meta says AI-generated content is not happening at a “systemic level” (MIT Technology Review)
GPT 4o’s Chinese token-training data is polluted by spam and porn websites (MIT Technology Review)
[Edited by Zoran Radosavljevic]