LONDON (AP) — Big tech companies face hefty fines in the European Union and Britain if they treat rivals unfairly or fail to protect users on their platforms, in proposed regulations unveiled Tuesday by officials in Brussels and London.
The EU outlined the long-awaited, sweeping overhaul of its digital rulebook while the British government released its own plans to step up policing of harmful material online, signaling the next phase of technology regulation in Europe.
Both sets of proposals include specific measures aimed at the biggest tech companies. The EU wants to set new rules for “digital gatekeepers” to prevent them from acting unfairly. It aims to prevent bad behavior rather than just punish past actions, as it has largely done so far.
Big tech companies won’t be allowed, for example, to stop users from uninstalling preinstalled software or apps, nor will they be able to use data from business users to compete against them.
The rules, known as the Digital Markets Act, allow for fines of up to 10 percent of annual global revenue and, controversially, set out three criteria for defining a gatekeeper: Companies that, for the past three years, have had annual European turnover of at least 6.5 billion euros ($8 billion); or a market value of 65 billion euros and at least 45 million monthly users; or 10,000 yearly business users.
Another part of the EU plan, the Digital Services Act, updates the bloc’s 20-year-old rules on e-commerce by making platforms take more responsibility for their goods and services. That will involve identifying sellers so that rogue traders can be tracked down, being more transparent with users on how algorithms make recommendations, or swiftly taking down illegal content such as hate speech, though in a bid to balance free speech requirements, users will be given the chance to complain. Violations risk fines of up to 6 percent of annual turnover.
The proposals aim to “make sure that we, as users, as customers, businesses, have access to a wide choice of safe products and services online, just as well as we do in the physical world,” and that European businesses “can freely and fairly compete online,” Margrethe Vestager, the EU’s executive vice president overseeing digital affairs, told a news conference in Brussels.
In Britain, social media and other internet companies similarly face big fines if they don’t remove and limit the spread of harmful material such as child sexual abuse or terrorist content and protect users on their platforms.
Under legislative proposals that the U.K. government plans to launch next year, tech companies that let people post their own material or talk to others online could be fined up to 18 million pounds ($24 million) or 10 percent of their annual global revenue, whichever is higher, for not complying with the rules.
The proposals, contained in the U.K. government’s Online Safety Bill, will have extra provisions for the biggest social media companies with “high-risk features,” expected to include Facebook, TikTok, Instagram and Twitter.
These companies will face special requirements to assess whether there’s a “reasonably foreseeable risk” that content or activity that they host will cause “significant physical or psychological harm to adults,” such as false information about coronavirus vaccines. They’ll have to clarify what is allowed and how they will handle it.
All companies will have to take extra measures to protect children using their platforms. The new regulations will apply to any company whose online services are accessible in the U.K and those that don’t comply could be blocked.
The U.K. government is also reserving the right to impose criminal sanctions on senior executives, with powers it could bring into force through additional legislation if companies don’t take the new rules seriously – for example by not responding swiftly to information requests from regulators.
The final version of the EU rules will depend on negotiations with the EU Parliament and the bloc’s 27 member states while the U.K. proposals will be debated in the British Parliament.
Meanwhile, the Irish Data Privacy Commission issued Twitter with a 450,000-euro fine for a security breach. The company triggered an investigation after reporting the breach in January 2019, which affected users of the social media company’s Android app.
But it didn’t report it quickly enough, because of “an unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day,” the company said.
“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers,” Twitter said.
It’s the first punishment for a big U.S. tech company since the EU’s strict privacy rules, known as General Data Protection Regulation, took effect in 2018.
Under GDPR, a single regulator takes the lead role in cross-border data privacy cases as part of a “one-stop shop” system. But the system has come under question, with Ireland’s watching facing criticism for taking too long to decide on cases. The Twitter decision was also delayed after regulators in other EU member states objected to Ireland’s draft penalty.