On 19 February the European Commission presented three papers setting out no less than the digital future of the EU. So what are they exactly and why are they not laws?
When she took over as European Commission President, Ursula von der Leyen, vowed to set out her proposals for artificial intelligence within 100 days. This was always going to be a hugely optimistic, and by all appearances, entirely arbitrary target. Indeed, it reminds me of similar aims to get ePrivacy reform done at the same time as the GDPR — three years later and the Council is still at stalemate.
The self-explanatory White Paper on Artificial Intelligence outlines the risk-based approach the Commission wants to take in promoting AI. This approach could see more checks for any technology with “a risk of injury, death or significant material or immaterial damage; that produce effects that cannot reasonably be avoided by individuals or legal entities,” in particular in sectors such as healthcare, transportation, energy and government.
German Pirate Party MEP, Patrick Breyer warned: “The EU Commission urgently needs to propose a moratorium on mass surveillance by way of facial recognition and automated behavior control, rather than pave the way for it. In a free society we cannot tolerate constant surveillance, false incrimination at large scale and systematic discrimination.
“Many advances in the field of artificial intelligence are fascinating. Can our politicians think of nothing else but to abuse this technology to monitor people at borders and in public places? China is already using facial recognition combined with the so-called social credit system to control its citizens. Such technology must never be used in a free society, as constant surveillance exerts pressure to conform. We therefore need a moratorium on the use of facial recognition and behavioral recognition for mass surveillance. If the Commission wants ethical AI, it must ban unethical AI.”
Raegan MacDonald, Head of EU Public Policy, Mozilla, said she was “encouraged” by the ambition shown by the Commission. “We are in complete agreement on one thing, the internet today is not what we want it to be. But we ask the Commission to tread carefully as they look at how to tackle issues that will ultimately determine the future of tech,” she continued.
“EU lawmakers cannot afford to repeat the mistakes of the past. Instead of easy wins, citizens need bold comprehensive frameworks that truly address the root of the problems they face — the rising tide of illegal and harmful content, the harms of the surveillance economy, and increased centralisation of power. Instead of seeing tech as all the same — which it is not — the EU needs to be clear which companies and what practices and processes should be the focus of intervention. And instead of reactionary solutions, it’s time for a policy approach that puts tech on a better course, and does not merely brush around the edges,” said MacDonald.
The Communication on a European Strategy for Data, focuses on ways to encourage data sharing across the bloc, including public funding and a so-called “European cloud.” Presenting the package Internal Market Commissioner Thierry Breton, admitted that Europe had lost the race to monetise personal data through B2C platforms, but concluded that was not necessarily a bad thing as it was in pole position in terms of B2B or industrial data.
But Breyer was again critical: “Our response to the digital revolution should not be subsidizing industry following the motto ‘Europe first’. Even though the Commission repeatedly refers to the GDPR, it quickly becomes clear what this is really about: the commercialization of our data. However, personal data is not simply a raw material that should be extracted and exploited, but in many cases reveals most private information on European citizens. Anonymized data can and should be used for research and commercial applications. However, when it comes to personal information about individuals, we need to be in control. For example, the economic exploitation of identifiable information about our health is unacceptable.”
The Strategy for Data also envisages setting up European “common spaces,” widely interpreted as a “EU cloud,” provoking alarm and accusations of “protectionism” from US-based tech lobby groups. However the document says that “companies from around the world will be welcome to avail of the European data space, subject to compliance with applicable standards, including those developed relative to data sharing.”
As with the GDPR, it appears the EU is once again trying to make trust and values its USP.
Finally the Statement on Shaping Europe’s Digital Future gives an overall view of all the Commission’s tech plans for the coming years – and unsurprisingly includes a warning shot across the bows of the GAFAs.
“The Commission will further explore … ex ante rules to ensure that markets characterised by large platforms with significant network effects acting as gate-keepers, remain fair and contestable for innovators, businesses, and new market entrants,” says the digital strategy.
Presenting the package, Europe’s Digital Chief Margarathe Vestager said that special rules might need to apply to some platforms “without consideration of illegal behavior, but just because they’re a dominant player in the digital world.” Although we will have to wait to see the nuts and bolts until later in the year when the Commission publishes its draft Digital Services Act.
Nonetheless, EMMA and ENPA, which represent the vast majority of European news outlets, were pleased with plans to work on ex-ante regulation “to ensure that markets characterized by large platforms with significant network effects acting as gate-keepers, remain fair and contestable for innovators, businesses, and new market entrants.”
“We encourage the Commission to take into account that for a healthy, pluralistic, and independent press sector to be able to thrive, determined and comprehensive policy response towards curtailing market-dominant platforms is needed,” said the organizations.
So, in short: no ban on facial recognition, an EU cloud in name only, and vague promises to tackle dominant platforms – just enough to make everyone equally unhappy. In the end, we should never really have expected much more in such a short time frame, and there is plenty of time ahead as we are at the beginning of the Commission’s five-year mandate to get the details right. Better vague proposals now, than disastrous consequences later.