UK opts for slow reboot of Big Tech rules, pushes ahead on privacy ‘reforms’

The UK government has confirmed it will move forward on a major ex ante competition reform aimed at Big Tech, as it set out its priorities for the new parliamentary session earlier today.

However it has only said that draft legislation will be published over this period — booting the prospect of passing updated competition rules for digital giants further down the road.

At the same time today it confirmed that a “data reform bill” will be introduced in the current parliamentary session.

This follows a consultation it kicked off last year to look at how the UK might diverge from EU law in this area, post-Brexit, by making changes to domestic data protection rules.

There has been concern that the government is planning to water down citizens’ data protections. Details the government published today, setting out some broad-brush aims for the reform, don’t offer a clear picture either way — suggesting we’ll have to wait to see the draft bill itself in the coming months.

Read on for an analysis of what we know about the UK’s policy plans in these two key areas… 

Ex ante competition reform

The government has been teasing a major competition reform since the end of 2020 — putting further meat on the bones of the plan last month, when it detailed a bundle of incoming consumer protection and competition reforms.

But today, in a speech setting out prime minister Boris Johnson’s legislative plans for the new session at the state opening of parliament, it committed to publish measures to “create new competition rules for digital markets and the largest digital firms”; also saying it would publish “draft” legislation to “promote competition, strengthen consumer rights and protect households and businesses”.

In briefing notes to journalists published after the speech, the government said the largest and most powerful platforms will face “legally enforceable rules and obligations to ensure they cannot abuse their dominant positions at the expense of consumers and other businesses”.

A new Big Tech regulator will also be empowered to “proactively address the root causes of competition issues in digital markets” via “interventions to inject competition into the market, including obligations on tech firms to report new mergers and give consumers more choice and control over their data”, it also said.

However another key detail from the speech specifies that the forthcoming Digital Markets, Competition and Consumer Bill will only be put out in “draft” form over the parliament — meaning the reform won’t be speeding onto the statute books.

Instead, up to a year could be added to the timeframe for passing laws to empower the Digital Markets Unit (DMU) — assuming ofc Johnson’s government survives that long. The DMU was set up in shadow form last year but does not yet have legislative power to make the planned “pro-competition” interventions which policymakers intend to correct structural abuses by Big Tech.

(The government’s Online Safety Bill, for example — which was published in draft form in May 2021 — wasn’t introduced to parliament until March 2022; and remains at the committee stage of the scrutiny process, with likely many more months before final agreement is reached and the law passed. That bill was included in the 2022 Queen’s Speech so the government’s intent continues to be to pass the wide-ranging content moderation legislation during this parliamentary session.)

The delay to introducing the competition reform means the government has cemented a position lagging the European Union — which reached political agreement on its own ex ante competition reform in March. The EU’s Digital Markets Act is slated to enter into force next Spring, by which time the UK may not even have a draft bill on the table yet. (While Germany passed an update to its competition law last year and has already designated Google and Meta as in scope of the ex ante rules.)

The UK’s delay will be welcomed by tech giants, of course, as it provides another parliamentary cycle to lobby against an ex ante reboot that’s intended to address competition and consumer harms in digital markets which are linked to giants with so-called “Strategic Market Status”.

This includes issues that the UK’s antitrust regulator, the CMA, has already investigated and confirmed (such as Google and Facebook’s anti-competitive dominance of online advertising); and others it suspects of harming consumers and hampering competition too (like Apple and Google’s chokepoint hold over their mobile app stores).

Any action in the UK to address those market imbalances doesn’t now look likely before 2024 — or even later.

Recent press reports, meanwhile, have suggested Johnson may be going cold on the ex ante regime — which will surely encourage Big Tech’s UK lobbyists to seize the opportunity to spread self-interested FUD in a bid to totally derail the plan.

The delay also means tech giants will have longer to argue against the UK introducing an Australian-style news bargaining code — which the government appears to be considering for inclusion in the future regime.

One of the main benefits of the bill is listed as [emphasis ours]:

“Ensuring that businesses across the economy that rely on very powerful tech firms, including the news publishing sector, are treated fairly and can succeed without having to comply with unfair terms.”

“The independent Cairncross Review in 2019 identified an imbalance of bargaining power between news publishers and digital platforms,” the government also writes in its briefing note, citing a Competition and Markets Authority finding that “publishers see Google and Facebook as ‘must have’ partners as they provide almost 40 per cent of large publishers’ traffic”.

Major consumer protection reforms which are planned in parallel with the ex ante regime — including letting the CMA decide for itself when UK consumer law has been broken and fine violating platforms over issues like fake reviews, rather than having to take the slow route of litigating through the courts — are also on ice until the bill gets passed. So major ecommerce and marketplace platforms will also have longer to avoid hard-hitting regulatory action for failures to purge bogus reviews from their UK sites.

Consumer rights group, Which?, welcomed the government’s commitment to legislate to strengthen the UK’s competition regime and beef up powers to clamp down on tech firms that breach consumer law. However it described it as “disappointing” that it will only publish a draft bill in this parliamentary session.

“The government must urgently prioritise the progress of this draft Bill so as to bring forward a full Bill to enact these vital changes as soon as possible,” added Rocio Concha, Which? director of policy and advocacy, in a statement.

Data reform bill

In another major post-Brexit policy move, the government has been loudly flirting with ripping up protections for citizens’ data — or, at least, killing off cookie banners.

Today it confirmed it will move forward with ‘reforming’ the rules wrapping people’s data — just without being clear about the exact changes it plans to make. So where exactly the UK is headed on data protection still isn’t clear.

That said, in briefing notes on the forthcoming data reform bill, the government appears to be directing most focus at accelerating public sector data sharing instead of suggesting it will pass amendments that pave the way for unfettered commercial data-mining of web users.

Indeed, it claims that ensuring people’s personal data “is protected to a gold standard” is a core plank of the reform.

A section on the “main benefits” of the reform also notably lingers on public sector gains — with the government writing that it will be “making sure that data can be used to empower citizens and improve their lives, via more effective delivery of public healthcare, security, and government services”.

But of course the devil will be in the detail of the legislation presented in the coming months. 

Here’s what else the government lists as the “main elements” of the upcoming data reform bill:

  • Using data and reforming regulations to improve the everyday lives of people in the UK, for example, by enabling data to be shared more efficiently between public bodies, so that delivery of services can be improved for people.
  • Designing a more flexible, outcomes-focused approach to data protection that helps create a culture of data protection, rather than “tick box” exercises.

Discussing other “main benefits” for the reform, the government touts increased “competitiveness and efficiencies” for businesses, via a suggested reduction in compliance burdens (such as “by creating a data protection framework that is focused on privacy outcomes rather than box-ticking”); a “clearer regulatory environment for personal data use” which it suggests will “fuel responsible innovation and drive scientific progress”; “simplifying the rules around research to cement the UK’s position as a science and technology superpower”, as it couches it; and ensuring the data protection regulator (the ICO) takes “appropriate action against organisations who breach data rights and that citizens have greater clarity on their rights”.

The upshot of all these muscular-sounding claims boils down to whatever the government means by an “outcomes-focused” approach to data protection vs “tick-box” privacy compliance. (As well as what “responsible innovation” might imply.)

It’s also worth mulling what the government means when it says it wants the ICO to take “appropriate” action against breaches of data rights. Given the UK regulator has been heavily criticized for inaction in key areas like adtech you could interpret that as the government intending the regulator to take more enforcement over privacy breaches, not less.

(And its briefing note does list “modernizing” the ICO, as a “purpose” for the reform — in order to “[make] sure it has the capabilities and powers to take stronger action against organisations who breach data rules while requiring it to be more accountable to Parliament and the public”.)

However, on the flip side, if the government really intends to water down Brits’ privacy rights — by, say, letting businesses overrule the need to obtain consent to mine people’s info via a more expansive legitimate interest regime for commercial entities to do what they like with data (something the government has been considering in the consultation) — then the question is how that would square with a top-line claim for the reform ensuring “UK citizens’ personal data is protected to a gold standard”?

The overarching question here is whose “gold standard” the UK is intending to meet? Brexiters might scream for their own yellow streak — but the reality is there are wider forces at play once you’re talking about data exports.

Despite Johnson’s government’s fondness for ‘Brexit freedom’ rhetoric, when it comes to data protection law the UK’s hands are tied by the need to continue meeting the EU’s privacy standards, which require an equivalent level of protection for citizens’ data outside the bloc — at least if the UK wants data to be able to flow freely into the country from the bloc’s ~447M citizens, i.e. to all those UK businesses keen to sell digital services to Europeans.

This free flow of data is governed by a so-called adequacy decision which the European Commission granted the UK in June last year, essentially on account that no changes had (yet) been made to UK law since it adopted the bloc’s General Data Protection Regulation (GDPR) in 2018 by incorporating it into UK law.

And the Commission simultaneously warned that any attempt by the UK to weaken domestic data protection rules — and thereby degrade fundamental protections for EU citizens’ data exported to the UK — would risk an intervention. Put simply, that means the EU could revoke adequacy — requiring all EU-UK data flows to be assessed for legality on a case-by-case basis, vastly ramping up compliance costs for UK businesses wanting to import EU data.

Last year’s adequacy agreement also came with a baked in sunset clause of four years — meaning it will be up for automatic review in 2025. Ergo, the amount of wiggle room the UK government has here is highly limited. Unless it’s truly intent on digging ever deeper into the lunatic sinkhole of Brexit by gutting this substantial and actually expanding sunlit upland of the economy (digital services).

The cost — in pure compliance terms — of the UK losing EU adequacy has been estimated at between £1BN-£1.6BN. But the true cost in lost business/less scaling would likely be far higher.

The government’s briefing note on its legislative program itself notes that the UK’s data market represented around 4% of GDP in 2020; also pointing out that data-enabled trade makes up the largest part of international services trade (accounting for exports of £234BN in 2019).

It’s also notable that Johnson’s government has never set out a clear economic case for tearing up UK data protection rules.

The briefing note continues to gloss over that rather salient detail — saying that analysis by the Department for Digital, Culture, Media and Sport (DCMS) “indicates our reforms will create over £1BN in business savings over ten years by reducing burdens on businesses of all sizes”; but without specifying exactly what regulatory changes it’s attaching those theoretical savings to.

And that’s important because — keep in mind — if the touted compliance savings are created by shrinking citizens’ data protections that risks the UK’s adequacy status with the EU — which, if lost, would swiftly lead to at least £1BN in increased compliance costs around EU-UK data flows… thereby wiping out the claimed “business savings” from ‘less privacy red tape’.

The government does cite a 2018 economic analysis by DCMS and a tech consultancy, called Ctrl-Shift, which it says estimated that the “productivity and competition benefits enabled by safe and efficient data flows would create a £27.8BN uplift in UK GDP”. But the keywords in that sentence are “safe and efficient”; whereas unsafe EU-UK data flows would face being slowed and/or suspended — at great cost to UK GDP…

The whole “data reform bill” bid does risk feeling like a bad-faith PR exercise by Johnson’s thick-on-spin, thin-on-substance government — i.e. to try to claim a Brexit ‘boon’ where there is, in fact, none.

See also this “key fact” which accompanies the government’s spiel on the reform — claiming:

“The UK General Data Protection Regulation and Data Protection Act 2018 are highly complex and prescriptive pieces of legislation. They encourage excessive paperwork, and create burdens on businesses with little benefit to citizens. Because we have left the EU, we now have the opportunity to reform the data protection framework. This Bill will reduce burdens on businesses as well as provide clarity to researchers on how best to use personal data.”

Firstly, the UK chose to enact those pieces of legislation after the 2016 Brexit vote to leave the EU. Indeed, it was a Conservative government (not led by Johnson at that time) that passed these “highly complex and prescriptive pieces of legislation”.

Moreover, back in 2017, the former digital secretary Matt Hancock described the EU GDPR as a “decent piece of legislation” — suggesting then that the UK would, essentially, end up continuing to mirror EU rules in this area because it’s in its interests to do so in order to keep data flowing.

Fast forward five years and the Brexit bombast may have cranked up to Johnsonian levels of absurdity but the underlying necessity for the government to “maintain unhindered data flows”, as Hancock put it, hasn’t gone anywhere — or, well, assuming ministers haven’t abandoned the idea of actually trying to grow the economy.

But there again the government lists creating a “pro-growth” (and “trusted”) data protection framework as a key “purpose” for the data reform bill — one which it claims can both reduce “burdens” for businesses and “boosts the economy”. It just can’t tell you how it’ll pull that Brexit bunny out of the hat yet.

UK targets fake reviews and killer acquisitions in reform package

The UK has announced a bundle of consumer protection and competition reforms which could see platforms that fail to tackle fake reviews fined up to 10% of their global annual turnover.

Also incoming: Stronger powers for the national competition regulator to prevent tech giants from being able to buy up startups or smaller rivals with the intention of shuttering a competing service (so called ‘killer acquisitions’).

However the government still hasn’t decided how to deal with the broad online scourge of dark pattern design which uses deceptive and/or manipulative tactics to dupe web users into spending more time or money than they intend on a digital service — saying it’s “seeking further evidence” on how best to arm regulators to combat these unethical tactics.

The reforms it has agreed follow a consultation last year on reforming competition and consumer policy which saw the government take feedback from businesses, consumers groups, regulators and others on how to strengthen legislation in these areas.

Consumer protection & competition reforms

In a response to the consultation published by the department for Business, Energy & Industrial Strategy (BEIS) today, the government said policies it’s proposing fall into three areas: Competition reforms to ensure the system is “fit for the digital age”; consumer rights reforms to keep pace with digital developments and tackle specific issues like fake reviews; and consumer enforcement reforms to empower the national antitrust watchdog to intervene effectively.

In a press release announcing the package of reforms this morning, BEIS said the plan would make it “clearly illegal” to pay someone to write or host a fake review.

There will also be “clearer rules” for businesses to make it easier for consumers to opt out of subscriptions so they are not stuck paying for things they no longer want.

So called ‘subscription traps’ — in which businesses make it difficult for consumers to exit a contract — will also be targeted by new rules that companies must:

  • provide clearer information to consumers before they enter a subscription contract
  • issue a reminder to consumers that a free trial or low-cost introductory offer is coming to an end, and a reminder before a contract auto-renews onto a new term
  • ensure consumers can exit a contract in a straightforward, cost-effective and timely way

In a major change, the Competition and Markets Authority (CMA) will be able to directly enforce consumer law under the reform plan, rather than needing to go through a court process — with the aim of dialling up the speed of enforcement.

The watchdog will get new powers to fine firms up to 10% of their global turnover for “mistreating customers”, as BEIS put it, or up to £300,000 in the case of an individual.

It will also be able to award compensation to consumers, instead of that being the preserve of the courts.

There will also be measures aimed at helping consumers and traders resolve more disputes without needing to go to court — by improving Alternative Dispute Resolution (ADR) services in consumer markets, including via amendments to regulation intended to improve ADR services, per BEIS.

The government says the average UK household spends around £900 each year influenced by online reviews — and £60 on “unwanted subscriptions”.

The slated consumer protection reforms will apply in England, Scotland and Wales (the area is devolved in Northern Ireland).

In a statement, consumer minister Paul Scully said:

“We’re making sure consumer protections keep pace with a modern, digitised economy.  No longer will you visit a 5 star-reviewed restaurant only to find a burnt lasagne or get caught in a subscription in which there’s no end in sight. Consumers deserve better and the majority of businesses out there doing the right thing deserve protection from rogue traders undermining them.”

It’s not clear when exactly these new powers will come in. Legislation will need to be formally proposed and presented to parliament to undergo the usual process of scrutiny before it can become law and enter into force.

Prime minister Boris Johnson’s government also does not have the greatest record on swiftly legislating in these areas (consumer protection and competition) so it could be several years before new rules apply.

Fake reviews

On fake reviews, the government says it will consult on a new law to tackle fake reviews that would make it illegal to:

  • commission someone to write or submit a fake review
  • host consumer reviews without taking reasonable steps to check they are genuine
  • offer or advertise to submit, commission or facilitate fake reviews

In terms of the impact on platforms and marketplaces much will depend on exactly what “reasonable steps” boils down to in that context.

More thorough checks would be more expensive for platforms to implement. But if the measures are too weak and easy for scammers to circumvent it’ll be consumers left disappointed that fake reviews continue to proliferate.

The CMA — which has been broadly investigating online reviews since 2015 — has instigated a number of interventions against platforms on the issue of fake reviews specifically in recent years, including actions targeted at eBay, Facebook, Amazon and Google.

It has also expressed frustration with certain companies over their slow response to pressure to stop the trade in fake reviews, with CMA CEO Andrea Coscelli saying last year that it was “disappointing” Facebook had taken over a year to fix issues the regulator had flagged, for example.

A threat of fines that could — under the government’s reform plan — stretch into billions of dollars for a tech giant like Facebook would be more likely to concentrate C-suite minds on compliance with this issue.

Commenting in a statement on the full package of reforms, Coscelli said:

“This is an important milestone towards strengthening the CMA’s ability to hold companies to account, promote fair and open markets, and protect UK consumers. The CMA stands ready to assist the government to ensure that legislation can be brought forward as quickly as possible, so consumers and businesses can benefit.”

It may be that Facebook is also the inspiration for other planned changes to beef up penalties for breaches.

These reforms will see the regulator able to impose fines worth up to 5% of a business’ annual global turnover (as well as additional daily penalties for continued non-compliance) for breaches of undertakings given to it; and able to levy penalties worth up to 1% of a business’ annual global turnover (plus additional daily penalties if the breach continues) in the case of non-compliance with an information notice, concealing evidence or providing false information.

That’s notable after Facebook was fined $70M by the CMA last year for deliberately withholding information related to the regulator’s oversight of its acquisition of Giphy — the first such finding of a breach of an order by a company “consciously refusing to report all the required information”, as the CMA put it at the time.

The regulator subsequently ordered Facebook to undo the Giphy purchase — which was also the first time the CMA had blocked such a major digital acquisition.

Killer acquisitions

The tech giant’s power to inspire major regulatory reforms looks undeniable — given the government also intends to beef up the watchdog’s powers to combat killer acquisitions. (Facebook had shut down Giphy’s competing ad product after buying the smaller business, triggering competition concerns, an in-depth probe and, finally, an order to reverse the acquisition.)

Other measures slated as incoming through the reform package include powers to strengthen the CMA’s ability to gather evidence to combat cartel-style anticompetitive behavior where companies collude to bump up prices, per BEIS.

The CMA will also be empowered to fine businesses for anticompetitive abuses even in smaller markets as the government says it will reduce the minimum turnover threshold for immunity from financial penalties from £50M to £20M.

Smaller businesses will see some relief in the form of a government pledge to cut their M&A red tape by excluding mergers between small businesses — where each party’s UK turnover is less than £10M — from the CMA’s merger control altogether.

More details on the competition components of the reform are contained in the government response to the consultation — where it writes that it is progressing the following policies:

  • retaining a voluntary and non-suspensory merger control regime
  • adjusting the thresholds for the CMA’s jurisdiction to better target the mergers most likely to cause harm and ensure the regime remains proportionate:
    • Raising the turnover threshold in line with inflation (>£70m to >£100m UK turnover)
    • Creating an additional basis for establishing jurisdiction to enable review of so-called ‘killer acquisition’ and other mergers which do not involve direct competitors. Jurisdiction would be established where at least one of the merging businesses has: (a) an existing share of supply of goods or services of 33% in the UK or a substantial part of the UK; and (b) a UK turnover of £350m. In response to feedback received these thresholds have been raised from the levels originally consulted upon
  • introducing a small merger safe harbour, exempting mergers from review where each party’s UK turnover is less than £10 million, to reduce the burden on small and micro enterprises
  • government will also continue to monitor the operation of the share of supply test and may consider further proposals on how to reform it
  • enabling the CMA to deliver more effective and efficient merger investigations by:
    • accepting commitments from businesses which resolve competition issues earlier during a phase 2 investigation
    • enhancing and streamlining the merger ‘fast track’ procedure
    • updating how the CMA is required to publish its merger notice

Competition law covers the whole of the UK so these wider reforms will apply in all nations.

BEIS also noted today that it is developing closer ties with international partners as a result of the CMA dealing with more cross-border cases following Brexit.

“The government is making overseas disclosures of information held by a UK competition or consumer authority more streamlined, and introducing new powers on investigative assistance,” it added.

Moving like sludge…

While the UK government continues to consider how best to tackle dark pattern design, EU lawmakers have a chance to take the lead and ban these manipulative tactics in already proposed legislation — assuming the Council agrees with MEPs to include a prohibition on such practices in the Digital Services Act (another ‘trilogue’ compromise negotiation is scheduled for tomorrow so the issue is still a live one for the bloc).

The EU also already agreed a major ex ante reform of competition law to target tech giants — aka, the Digital Markets Act — which is expected to come into force later this year.

While the UK’s own slated ‘pro-competition’ ex ante reform is still pending legislation, despite the regime change being announced back in November 2020.

A Digital Markets Unit (DMU) was set up last year but it lacks the necessary powers to take action against tech giants’ market abuses, meaning the CMA has to tackle market power related problems using classic (slow) competition powers.

A UK government claim to be “moving in a more agile way than the EU, whilst maintaining high standards” — penned by the BEIS secretary in his ministerial foreword to the response to the consultation outcome — looks questionable in light of how little progress has been made in bringing legislation forward to deliver on the long-trailed promise of a major competition reboot.

The CMA has been investigating a number of concerns about the market power of tech giants in recent years — including undertaking a market study of online advertising back in 2019 which concluded there were serious structural problems linked to the dominance of Google and Meta/Facebook.

However the regulator eschewed intervening when it reported its concerns — opting to wait for the government to reform the competition regime.

Another ongoing CMA market study — examining the Apple, Google mobile duopoly — has also raised substantial competition concerns but, again, the regulator has suggested these issues are best tackled by the DMU once it’s empowered, meaning that the structural remedies needed to tackle serious competition issues remain on pause.

TikTok pushes bundle of teen safety measures internationally

TikTok is making a promotional push in Europe and Australia around a bundle of safety-focused features, some of which it announced in the US earlier this month, and which it says are aimed at protecting teenage users from dangerous challenges.

The company remains the target of a major consumer protection complaint in the region — which has led to active monitoring of its policies by the European Commission.

The measures being (re)announced by TikTok include a permanent in-app guide which pushes teens to engage with a ‘4-step’ process (aka: “stop, think, decide, act”) before engaging in online challenges; a dedicated policy category for dangerous acts and challenges in the reporting menu to make it easier for users to report problem challenges; and dedicated safety videos from curated creators being pushed to users who are under 18 via their ‘For You’ feeds to further raise awareness of safety issues around challenges.

In a sample video from the #SaferTogether campaign, TikTok creator @maddylucydann can be seen sketching a scenario in which a medic in an emergency department is figuring out what to tell the young patient who’s been admitted with serious injuries after falling attempting to imitate some parkour they saw in an online video but without having the necessary skills to pull off the tricks safely — and putting heavy emphasis on making kids think before they attempt something similarly silly.

Also today, in what looks like a new announcement, TikTok said it’s making a financial contribution to Western Sydney University to support further research into online challenges, and sharing research data with the university’s Young and Resilient Research Centre to that end.

It says this data “formed the basis” of an earlier report, authored by Dr. Zoe Hilton and published by Praesidio Safeguarding.

“We believe these two contributions will help the Western Sydney University Young and Resilient Research Centre in their interdisciplinary approach to developing evidence-based policies and practices to strengthen the resilience of young people in the digital age,” TikTok said in a blog post attributed to Alexandra Evans, its head of safety public policy, Europe.

The blog post also quotes Amanda Third, the co-director of the Centre which will be benefitting from the platform’s financial and data-based largess — stating that TikTok’s contribution will “assist it to explore the challenges involved in keeping young people safe online with real world data”; and “help us develop research to inform policies, programs and interventions to minimise the risks and maximise the benefits of the digital age for young people”.

TikTok’s blog post does not specify how much money it is donating to the university — but when asked for the figure the company (and Third) told us it’s 108,420 AUD (circa ~$78k).

The video-sharing platform has been facing months of scrutiny by regulators in the EU following consumer protection and privacy complaints; and an emergency intervention in Italy last year related to concerns over a ‘blackout challenge’ which local media had linked to the death of a child.

In the latter case, TikTok refuted any link with its platform but ended up removing more than half a million accounts in Italy which it had been unable to verify did not belong to children under the age of 13.

We reached out to the Italian data protection authority for an update on its monitoring of the company’s safety measures but at the time of writing it had not responded.

The European consumer protection umbrella association, BEUC, declined to give an assessment of the specific measures TikTok has announced today — saying it prefers to wait for regulators to weigh in on its concerns.

“We prefer to wait for the assessment by the consumer protection authorities who are following up on our complaints that the video sharing platform is breaking consumer law,” Alexandre Biard, team leader for enforcement at BEUC, told us, adding: “We expect the authorities to take measures to make sure the platform respects consumer rights.”

We also contacted the Commission asking for a progress update on its scrutiny of TikTok’s ToS and will update this report with any response.

Attention to online child safety has been dialling up in multiple jurisdictions in recent years.

In the US, tech execs from major platforms have been grilled by lawmakers on the issue — which has led to a number of bills being proposed, including most recently the Kids Online Safety Act.

While, elsewhere in Europe, the UK is now enforcing a Children’s Code which aims to regulate platforms’ design choices and defaults by forcing them to prioritize privacy and safety.

The country has much broader Online Safety legislation in the pipe, too, also with a major focus on child safety, which will introduce a legal duty of care on platforms towards users.

Down under, in Australia, there’s another Online Safety Bill on the slate — introduced at the end of 2021 — which similarly puts emphasis on tightening the law to protect children from cyberbullying and other online safety risks.

So there’s a clear, global consensus emerging around regulating platforms under a child protection rubric.

Italy fines Apple and Google for ‘aggressive’ data practices

Apple and Google have been fined €10 million apiece by Italy’s competition and market authority (AGCM) which has found they did not provide their users with clear enough information on commercial uses of their data — in violation of the country’s consumer code.

The regulator also accuses the pair of deploying “aggressive” practices to push users to accept the commercial processing.

Apple and Google were both contacted for a response to the AGCM’s sanction. Both said they will appeal.

Google is accused of omitting relevant information at the account creation phase and as consumers are using its services — information the regulator says should be provided in order for people to decide whether or not to consent to its use of their data for commercial ends.

The AGCM has also accused Apple of failing to immediately provide users with clear information on how it uses their information commercially when they create an Apple ID or access its digital stores, such as the App Store.

It’s the rather more surprising sanction — given Apple’s carefully cultivated image as a champion of consumer privacy (not to mention the premium its devices and services tend to command vs cheaper, ad-supported alternatives, such as stuff made by Google).

The Italian regulator lumps both companies’ practices together in a press release announcing the sanctions — accusing each one of being especially aggressive in pushing self-serving commercial terms on their respective users, especially at the account creation phase.

For Google, the AGCM notes that it pre-sets user acceptance of commercial processing — and also notes that the adtech giant fails to provide a clear way for users to revoke consent for these data transfers later or otherwise change their choice after the account step has been completed.

It also takes the view that Apple’s approach denies users the ability to properly exercise choice over its commercial use of their data, with the regulator arguing the iPhone maker’s data acquisition practices and architecture essentially “condition” the consumer to accept its commercial terms.

It’s an awkward accusation for a company that splashes major marketing cash on suggesting its devices and software are superior to alternatives (such as tech made by Google) exactly because it claims to put user privacy at the core of what it does.

In a statement, Apple rejected the AGCM’s finding — writing:

“We believe the Authority’s view is wrong and will be appealing the decision. Apple has a long-standing commitment to the privacy of our users and we work incredibly hard to design products and features that protect customer data. We provide industry-leading transparency and control to all users so they can choose what information to share or not, and how it is used.”

A Google spokeswoman also disagreed with the findings, sending this statement:

“We have transparent and fair practices in order to provide our users with helpful tools and clear information about their usage. We give people simple controls to manage their information and limit the use of personal data, and we work hard to be fully compliant with the consumer protection rules. We disagree with the Authority’s decision and we will appeal.”

The full text of the AGCM’s decisions can be found here: For Apple and Google.

The Italian regulator has had a busy few days slapping big tech: Earlier this week it issued a $230M fine (total) for Apple and Amazon over alleged collusion around the sale of Apple kit on Amazon’s Italian marketplace.

It has also been stepping up investigations of tech giants over a period of years — earlier this year it fined Facebook over similar issues with its commercial use of people’s data, while this summer it hit Google with a $123M fine related to Android Auto. It also has an open probe into Google’s display advertising business.

Other fines from the AGCM in recent years include one for Apple related to misleading iPhone users about the device’s water resistance and another for Apple and Samsung for slowing devices.