The rules, known as the Digital Markets Act, allow for fines of up to 10 per cent of annual global revenue and, controversially, set out three criteria for defining a gatekeeper: Companies that, for the past three years, have had annual European turnover of at least €6.5 billion ($10.5 billion); or a market value of 65 billion euros and at least 45 million monthly users; or 10,000 yearly business users.
Another part of the EU plan, the Digital Services Act, updates the bloc’s 20-year-old rules on e-commerce by making platforms take more responsibility for their goods and services. That will involve identifying sellers so that rogue traders can be tracked down, being more transparent with users on how algorithms make recommendations, or swiftly taking down illegal content such as hate speech, though in a bid to balance free speech requirements, users will be given the chance to complain. Violations risk fines of up to 6 per cent of annual turnover.
The proposals aim to “make sure that we, as users, as customers, businesses, have access to a wide choice of safe products and services online, just as well as we do in the physical world,” and that European businesses “can freely and fairly compete online,” Margrethe Vestager, the EU’s executive vice president overseeing digital affairs, told a news conference in Brussels.
In Britain, social media and other internet companies similarly face big fines if they don’t remove and limit the spread of harmful material such as child sexual abuse or terrorist content and protect users on their platforms.
Under legislative proposals that the UK government plans to launch next year, tech companies that let people post their own material or talk to others online could be fined up to 18 million pounds ($24 million) or 10 per cent of their annual global revenue, whichever is higher, for not complying with the rules.
The proposals, contained in the UK government’s Online Safety Bill, will have extra provisions for the biggest social media companies with “high-risk features,” expected to include Facebook, TikTok, Instagram and Twitter.
These companies will face special requirements to assess whether there’s a “reasonably foreseeable risk” that content or activity that they host will cause “significant physical or psychological harm to adults,” such as false information about coronavirus vaccines. They’ll have to clarify what is allowed and how they will handle it.
All companies will have to take extra measures to protect children using their platforms. The new regulations will apply to any company whose online services are accessible in the U.K and those that don’t comply could be blocked.
The UK government is also reserving the right to impose criminal sanctions on senior executives, with powers it could bring into force through additional legislation if companies don’t take the new rules seriously – for example by not responding swiftly to information requests from regulators.
The final version of the EU rules will depend on negotiations with the EU Parliament and the bloc’s 27 member states while the UK proposals will be debated in the British Parliament.
Meanwhile, the Irish Data Privacy Commission issued Twitter with a €450,000 fine for a security breach. The company triggered an investigation after reporting the breach in January 2019, which affected users of the social media company’s Android app.
But it didn’t report it quickly enough, because of “an unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day,” the company said.
“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers,” Twitter said.
It’s the first punishment for a big US tech company since the EU’s strict privacy rules, known as General Data Protection Regulation, took effect in 2018.
Under GDPR, a single regulator takes the lead role in cross-border data privacy cases as part of a “one-stop shop” system. But the system has come under question, with Ireland’s watching facing criticism for taking too long to decide on cases. The Twitter decision was also delayed after regulators in other EU member states objected to Ireland’s draft penalty.