Law is an ever-evolving social construct and remains effective only insofar as it can be updated in a timely manner to keep up with real-life developments. The relevance of laws and their subject matter is always dictated by present-day realities and circumstances. One need only look at some of Malta's oldest laws, such as the Public Weighers Ordinance, the Carrier-Pigeons Ordinance and even the Cereals (Sale) Ordinance, all of which are now obsolete and repealed, to be transported, as if by time machine, to an entirely different era. While looking into the past can offer certain insights, the online world and the challenges it has brought have no precedent and policymakers must work hard to remain ahead of, or at least on a par with, the curve.
Now, more than ever, it is time to look towards the future, to the laws that will be required to facilitate the operation of society in a world which has become extremely reliant on digital technology for functions as simple and essential as communicating, selling and buying goods, transferring money or signing a contract. We are living in a world where human beings are being advised to avoid physical contact with one another - there has never been a time when our digital law framework was more relevant to us, as a civilisation. This article shall provide a chronological timeline (where possible) of upcoming updates to, or in some cases entirely new, digital laws which can be expected to come into effect in the very near future.
During the COVID-19 outbreak, a number of European hospitals fell victim to cyberattacks, prompting EU Commission President Ursula von der Leyen to go so far as to suggest that China may have been behind such attacks. This provides a volatile backdrop for the EU's newly envisaged cybersecurity strategy, which is enmeshed within the Commission's COVID-19 recovery plans to strengthen Europe's industries and also encourage SMEs by providing a safer digital environment. In concrete terms, by the end of this year, one can expect added measures on Critical Infrastructure Protection, as well as a review of the NIS Directive which may lead to a widened scope of operators of essential services, as defined therein.
Further Reading: https://ec.europa.eu/commission/presscorner/detail/en/ip_20_1379
There is an ongoing worldwide discussion on 5G, which for the most part tends to veer into health concerns and at times even into the realm of conspiracy theories. Unperturbed, the EU Commission has instructed all EU telecommunications ministers to avoid delays to the launch of 5G wherever possible. The launch of 5G across the EU is currently slated for end 2020, at the latest, with plans for ongoing infrastructural work to have wider 5G coverage across EU by 2025.
Democracy Action Plan
July 2020 saw the Commission launch public consultations on its Democracy Action Plan, the objectives of which are to prevent external interference and manipulation in elections, whilst also safeguarding the freedom of the media and combating misinformation. The advent of online platforms, particularly social media, where people can easily air their opinions, intertwined with much older democratic mechanisms, has given rise to new challenges that must be addressed. One of the most pressing matters is that of online political advertising, which is fast becoming one of the primary sources for gaining political traction whilst ironically being arguably the least regulated avenue for advertising. Therefore, the need for greater transparency in this regard shall form an integral part of the Democracy Action Plan.
Further Reading: https://ec.europa.eu/commission/presscorner/detail/en/ip_20_1352
New Competition Tool
Competition law plays a key part in the digital economy and this is especially true with so many new online business platforms emerging. The EU Commission is planning to launch a new 'competition tool' by the end of the year to curb anti-competitive behaviour and better address abuses of dominant market positions. Present rules have already led to numerous antitrust fines, amounting to billions, being issued against some of the global tech giants such as Google and Intel. This new competition tool will seek to further modernise EU competition law to better adapt/equip it for the digital era.
Digital Services Act
Building upon the 2000 eCommerce Directive, the EU Digital Services Act shall likely be one of the most important upcoming legal instruments regulating the EU digital market. Its scope is rather ambitious, including issues such as online safety of users, liability for online content, the use of smart contracts as well as online advertising. New regulations must necessarily coexist with long-established principles that were set in place by the eCommerce Directive, such as the general prohibition on imposing a general monitoring obligation on intermediary service providers.
The Gaia-X initiative is Europe's response to the US and Chinese cloud data infrastructures. Particularly during the COVID-19 pandemic, the need for a secure environment that would enable European businesses to share data amongst themselves, whilst abiding by EU data protection standards, was strongly felt. This is not to say that foreign powers will not be able to collaborate with EU players, however the EU is keen on creating a 'European data ecosystem', to achieve digital sovereignty in its own right.
The important role AI already plays and shall continue to play in the future is undeniable. The debate on how strictly such technologies ought to be regulated rages on, especially when discussions turn to sensitive matters such as predictive policing, automated decision-making and biometric recognition to name but a few. A follow-up to the White Paper the Commission had published in February 2020, can be expected some time early in 2021.
Meanwhile, you may read more on the legal challenges posed by AI in one of our previous articles here: https://www.mamotcv.com/resources/news/artificial-intelligence-some-of-the-challenges-ahead.
It is no secret that the EU has long been striving to levy a digital services tax across the bloc, primarily in order to tax the digital giants. Despite strong backing at the European Parliament level, such attempts have always failed due to the requirement of unanimity at Council level for agreements on tax policy. Consequently, there were always a few Member States that halted progress in this sector. Despite such setbacks the Council has requested the Commission to develop a proposal on Digital Tax by Q1 2021, should there still be no international agreement by then.
Online Child Abuse
The advent of the online world has unfortunately made online child abuse, such as child pornography, more widespread and, in some cases, more complicated. As a result, the scope of the aforementioned eCommerce Directive shall be widened and the rules for detection and removal of illegal content be made stricter with regards to online child abuse, specifically child sexual abuse material. Talks of creating more proactive rules to combat such illegalities are also on the rise.
Sometime in 2021:
Tying in to Gaia-X and the Digital Services Act mentioned above, the EU Commission is seeking to create a 'data reservoir' of sorts, a European market for data, where both private and public entities can pool together large amounts of data which can be categorised accordingly into various different sectors such as energy, agriculture and healthcare. This could be further regulated by a Data Act, projected to be launched in 2021, whereby an EU data governance body would also be established to oversee the administration of such data in the public interest.
No Definite Timeframe:
Combating Online Terrorism and Hate Speech
Like many other items, discussion on the regulation of online terrorist content took a backseat when the COVID-19 pandemic reached Europe, however talks have now resumed. The focus is primarily on proposed measures aimed at obliging online platforms to expeditiously remove illegal content that has been flagged, possibly within as little as one hour. The introduction of 'upload filters' is also being discussed, although the European Parliament opposes the idea. For this reason, as well as the myriad of complexities involved in imposing liability and responsibility on online platforms for the content which users post, it is unlikely that the discussion on this topic will reach its conclusion any time soon.
Originally intended to be launched with the GDPR back in May 2018, the ePrivacy Regulation, which shall regulate matters such as website cookies and how marketing communications can be made, has been put on hold to a certain degree. However, since taking over the EU Council Presidency from 1st July, the German Presidency is seeking to achieve progress on this Regulation by the end of its Presidency and of the year. It aims to do so by seeking consensus on two of the most crucial articles of the Regulation, pertaining to the access of users' metadata without their consent and to the protection of information about users' terminal equipment.
A New 'Privacy Shield'
Now that the dust has more or less settled following the ground-breaking decision of the European Court of Justice which saw the EU-US Privacy Shield declared invalid, the question of 'what next?' is being grappled with. It appears that the US Commerce Department and the Commission have initiated a dialogue on, yet again, creating a new form of privacy shield agreement. However, Max Schrems, the Austrian privacy activist who played a crucial role in bringing down the last two iterations of such an agreement, believes that a reform in US surveillance law may lead to a better and longer-lasting solution for EU-US data transfers.
You can read more about the end of the Privacy Shield here: https://www.mamotcv.com/resources/news/the-eu-us-privacy-shield-is-no-more.
Developing new digital tools is all well and good but any such exercise would be rendered futile if people are digitally illiterate. Therefore, the EU is currently in the process of preparing a revamped Digital Education Action Plan, with the aim of ensuring that 70% of the EU population has basic digital skills by 2025. Such skills are still found to be lacking amongst a significant part of the EU population, despite the fact that such skills are required for many jobs nowadays, especially in the wake of the new economic challenges that have plagued EU businesses as a result of the COVID-19 pandemic. Promoting gender equality in the digital world is another objective of the Digital Education Action Plan.
Further reading: https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_1022
The EU's digital agenda certainly seems quite full for the coming months and there shall be a lot to digest and adapt to in the near future. Whilst the sheer amount of new legislation may initially be daunting, especially if it imposes new obligations applicable across the EU, including here in Malta, one must keep in mind that in the long term, such legislation will ultimately have a net benefit. Modernising our laws so that they truly reflect our present-day situation and so that they enable us to exploit all the latest technological advances for the overall betterment of mankind is certainly something to be celebrated and to look forward to.
We shall be posting more in-depth articles on the above subjects accordingly as they develop further.