Issue #69 – Friday, 21st January 2022

Dear readers, 

It’s been a week filled with warnings and signs of things-to-come: Ransomware criminals are facing justice; governments are advancing antitrust legislation; and tech companies are concerned about legal instability for data flows. But the most prominent warning yet comes from the UN Secretary-General.  

Our predictions for 2022? As is now tradition, our first briefing of the year will focus on the digital policy predictions for the year ahead of us. Join us on Zoom or tune in on social media on Tuesday, 25th January, at 13:00 UTC.

In case you’ve missed it, here’s our latest Cyber detente barometer, which keeps tabs on the cyber relations between the USA and Russia.

Stay safe,
Stephanie and the Digital Watch team

// UNITED NATIONS //

The internet is ‘giving oxygen to the worst impulses of humanity’ – UN Secretary-General

UN Secretary-General António Guterres sounded five alarms in his priorities for 2022, one of them being what he calls lawlessness in cyberspace.

His warning included strong criticism of the way tech companies operate. ‘Our personal information is being exploited to control or manipulate us, change our behaviors, violate our human rights, and undermine democratic institutions. Our choices are taken away from us without us even knowing it,’ he told the UN General Assembly. ‘The business models of social media companies profit from algorithms that prioritise addiction, outrage, and anxiety at the cost of public safety.’ 

// CYBERCRIME //

ICRC data breached

Hackers targeted the data of over 500,000 vulnerable people held by the International Committee of the Red Cross (ICRC), the organisation revealed this week. The attack targeted the servers of a Swiss company that stores the ICRC’s data.

ICRC director general Robert Mardini said that ‘an attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised.’ 

It remains unclear whether the attack was targeted against ICRC or the tech company.

Russia dismantles ransomware crime group REvil 

Six members of ransomware crime group REvil have been charged in a Moscow court after Russia declared it had dismantled the group. Russia’s action came at the behest of US authorities, in what is seen as a continuation of the cyber detente which the USA and Russia reached last year. 

There’s more in our Cyber detente barometer.

// DIGITAL SERVICES //

European Parliament adopts draft Digital Services Act

The draft of the Digital Services Act (DSA) has just passed the plenary vote in the European Parliament (EP), with important changes introduced through last-minute amendments.  

The amendments adopted by the EP include the prohibition of advertising targeting minors, the prohibition of the use of highly sensitive personal data (such as racial or ethnic origin, political or religious affiliation, sexuality or health data) for behavioural targeting, a ban on manipulating users or forcing their consent to the use of personal data, and a requirement that refusal to grant consent to the use of personal data may not limit the functionality of the platform. 

The draft will now proceed to the so-called trialogue phase, which will involve discussions between the EP, the Council of the European Union, and the European Commission.

// DATA PROTECTION //

Austrian data regulator says Google Analytics violates GDPR

In a decision published this week, the Austrian Data Protection Authority ruled that Google Analytics, a marketing service for websites, violated the EU’s General Data Protection Regulation (GDPR) because it transferred users’ data to the USA.  

The decision applies only to Austria. Yet, the Austrian data regulator said that website operators cannot use Google Analytics and be in line with the GDPR.  

In 2020, the Court of Justice of the EU (CJEU) invalidated the Privacy Shield – the US-EU agreement which enabled US companies to transfer European users’ data to the USA in accordance with GDPR standards – in what has become known as the Schrems II ruling. 

The Austrian ruling is a major win for digital rights group noyb, which filed over 101 complaints in the wake of the Schrems II ruling.

Meanwhile, Google has urged the European Commission and the US Department of Commerce to quickly finalise a successor agreement to the Privacy Shield.

// ANTITRUST //

US legislators advance antitrust legislation to Senate floor

The US Senate Judiciary Committee has voted to advance to the Senate floor an antitrust bill that seeks to prevent tech platforms – the likes of Amazon or Google – from giving preference to their own products and services over those of their competitors.

The American Innovation and Choice Online Act was introduced in October 2021 and enjoys bipartisan support.

US authorities to review how mergers and acquisitions are approved

The US Federal and Trade Commission (FTC) and the US Department of Justice (DOJ) have announced a review of how mergers and acquisitions should be approved since the surge in 2020–2021 exposed a series of ‘unique problems raised by the tech industry’.  

The FTC and the DOJ are seeking public input on dealing with mergers, with the aim of modernising the US federal merger guidelines.

China denies issuing new antitrust rules

China has denied issuing new guidelines which oblige companies to seek approval for investment deals after news of the guidelines appeared across several media outlets.

‘The Cyberspace Administration of China (CAC) has not issued this document, and the information is false,’ it said on its official WeChat channel. Yet, unnamed sources quoted in the media suggest that new guidelines are in the pipeline.

Meanwhile, in an essay in the ruling Communist Party's publication Qiushi, President Xi Jinping called for regulation and standardisation to prevent ‘monopolies and disorderly expansion of capital’ across China’s tech market. 

// CONTENT POLICY //

Twitter loses online moderation case in France 

Six anti-discrimination advocacy groups have won a legal battle against Twitter in a case of online content moderation of hate speech in France. 

The appellate decision of the Paris court confirmed the ruling of the lower court, which ordered Twitter to share ‘details on the number, nationality, location, and spoken language of the people it employs to moderate content on the French version of the platform’ as well as disclose all related documentation and pay a fine. 

This case is one of several against Twitter’s moderation practices in France.