German FCO Suspects Apple App Ad Tracking Policies are Anticompetitive

Report from TechCrunch

In Brief – The Bundeskartellamt, Germany’s national competition authority, has announced that it suspects that Apple is not treating third-party app developers as equally as required under the special German antitrust regime established to regulate the largest digital platforms. In 2022, the Germany regulator began investigating 2021 changes Apple made to its iPhone operating system requiring third-party apps to get direct opt-in permission from users to track their online activity for the purpose of serving targeted ads as potentially being unfair to competitors. While Apple heralded their tracking policy as promoting user privacy, many app developers and competitors in the digital advertising business complained that Apple’s changes harm competition and unfairly benefit Apple’s own advertising business. After three years the German antitrust watchdog says that Apple’s policy raises several concerns, including that Apple applies rules to data processing for advertising by third-parties that do not apply to Apple’s own data practices involved in advertising, Apple applies more consecutive user consent boxes to third-party apps than to itself, and that Apple’s tracking consent dialogues are unequal, with the language for consent to Apple tracking designed to encourage users to accept while language for tracking by third-party apps steers users against acceptance. Similar EU member state antitrust investigations have also been initiated in Poland, France, and Italy.

Context – The German law allowing the FCO to regulate digital giants was a harbinger of the Digital Markets Act. Some German officials have questioned the DMA for being too limited in the types of conduct they can address. While there are seven DMA “gatekeepers”, only 24 of their designated “core platform services” are covered by the law. Germany’s Section 19(a) authority allows the FCO to regulate any service of the five designated digital giants. For example, the FCO used its authority to regulate Google’s auto services that are currently outside the scope of the DMA. Allegations that Microsoft uses Office 365 to benefit products like Teams and its cloud services are not in scope for the DMA, but they are for the FCO.

EU Online Disinformation Code is Being Formally Integrated Into the DSA

Report from EuroNews

In Brief – The European Commission has announced that the Code of Conduct on Disinformation will be formally integrated into the Digital Services Act (DSA) governance regime in July. The EU effort to promote best practices to limit disinformation began in 2018 with an initial voluntary Code of Practice that was then strengthened in 2022. The updated version being formally integrated into the DSA is signed by 42 entities including digital platforms, led by giants Google, Meta, Microsoft, and TikTok, participants from across the digital advertising ecosystem, fact-checkers, civil society organizations and researchers. It establishes commitments including cutting financial support for purveyors of disinformation, more effective labelling of political advertising, targeted policies to reduce manipulative behavior such as deceptive bots and fake accounts, and providing better tools to empower users, researchers, and the fact-checking community to identify disinformation. The disinformation code is the second to be recently set for DSA integration following the Code of Conduct on Countering Illegal Hate Speech.

Context – Codes of conduct play a formal role in the DSA process. Although they do not replace the requirements of the law, the DSA regulators will recognize that a signatory abiding by a code is an indicator of DSA compliance. They are also voluntary. With the Trump Administration harshly criticizing the EU for policing online content as disinformation that some conservatives argue is just ideological disagreement, and cancelling elections in Romania based on charges of deceptive content on TikTok, which top platforms sign on, how they claim to comply, and how they are judged, may become a very charged issue. Twitter was an initial signatory but pulled out following its acquisition by Elon Musk and the shift from formal fact checkers to Community Notes. X’s efforts to contain disinformation is being investigated. Meta has signed the code but has announced its own plans to drop paid fact checkers and adopt community notes. Google also has signed the code but has reportedly notified the Commission that it would not be adopting fact checking in its search service or on YouTube.

The GDPR One Stop Shop Mechanism Suffers Big EU Court Setback

Report from Irish Legal News

In Brief – The EU’s General Court has sided with the European Data Protection Board (EDPB), made up of the EU’s national data protection authorities and the European Data Protection Supervisor, ruling that the collective can overrule a national privacy regulator on enforcement of the General Data Protection Regulation (GDPR). The case pitted the EDPB against the Irish Data Protection Commission (DPC), which is the lead supervisory authority under the GDPR’s “one-stop-shop” mechanism for companies based in Ireland, which includes many of the largest digital platforms. In a series of complaints against Facebook filed in 2018 by privacy advocates across Europe, the DPC arrived at decisions that privacy advocates, including many national authorities, criticized and challenged. The EDPB required the DPC to revise their decisions and impose tougher penalties. The Irish argued that the EDPB was overstepping its authority. The General Court, the EU’s second highest, has ruled that the EDPB’s interventions were consistent with its authority under the GDPR and struck a clear blow against the primacy of home state authorities.

Context – Meta has been mired for years in a quagmire involving European privacy advocates frustrated with the GDPR. The law’s One-Stop-Shop regime that was billed originally as a business-friendly streamlining of regulatory compliance was a top target of critics. Privacy advocates vociferously complained that Ireland’s DPC was lax and slow. They pressed other member state privacy authorities to intervene and overrule the DPC via the EDPB. And they largely succeeded. The DPC has since taken more aggressive GDPR stances with digital giants. And the One-Stop-Shop mechanism was effectively jettisoned from subsequent EU digital regulation measures, including the DSA, the DMA, and the AI Act. The Commission is in the regulatory driver’s seat for the biggest platforms. That said, regulatory overlaps, including involving the Commission’s digital regulators and the privacy regulators, continue to crop up, such as over Meta’s subscription plans and the regulation of AI providers.

Meta Further Opening FB Marketplace to Resolve EU Antitrust Complaint

Report from Bloomberg

In Brief – Meta has announced a further opening of its Facebook Marketplace to classified competitors, allowing classified ad firms in Europe to place their listings on Marketplace through the Facebook Marketplace Partner Program. The cost for these ads will be based on the number of times a user clicks on a button within the listing. The new program follows on a pilot with eBay. Meta’s moves to allow competitors onto its Marketplace platform came after a November decision of the European Commission to fine Meta 800 million euros for unfairly bundling Marketplace into Facebook’s huge social network and abusing its dominance in online advertising. Meta launched Facebook Marketplace in 2016 and quickly integrated it into its core social media platform. Marketplace has since grown into one of the top classifieds ads platforms in many markets, including in Europe. The Commission claimed that tying the Marketplace to Facebook gave the service an unfair advantage over other online classified platforms and consumer-to-consumer shopping competitors, and that Facebook also imposed unfair terms and conditions on those competing businesses when they advertised on Facebook, often requiring them to share user data that was then used to benefit Marketplace. Meta continues to object to the level of the fine and recently filed an appeal at the European General Court.

Context – Competition regulators for the European Union and UK initiated parallel investigations of the Facebook Marketplace in 2021. Meta reached a settlement with British competition regulators in 2023 by agreeing to allow classifieds and shopping services that advertise on Meta’s social media platforms to opt out of data sharing that could be used to benefit Marketplace. European Commission regulators turned down a similar offer. In the EU, the Commission also now regulates Meta as a Digital Markets Act “gatekeeper” and its Marketplace as a “core platform service”, meaning that the company must comply with the law’s 18 requirements on Marketplace without specific antitrust enforcement action.

Judge Rejects Fair Use Defense of an AI Company (not Generative AI)

Report from TechSpot

In Brief – Federal Judge Stephanos Bibas has delivered a significant ruling in a copyright case pitting Thomson Reuters against the now-defunct legal services startup Ross Intelligence that claimed to have developed an AI-enabled legal service. Judge Bibas ruled that Ross’s system was developed using thousands of Thomson Reuters’ Westlaw case summaries without paying licensing fees, and that copies of those summaries were provided to Ross’s users. Of note, the judge took pains to point out that, “Ross’s AI is not generative AI (AI that writes new content itself). Rather, when a user enters a legal question, Ross spits back relevant judicial opinions that have already been written.” And therefore, he cautioned that this summary judgement ruling, which rejected Ross’s fair use copyright defense, was about non-generative AI. Bibas said that Ross’s fair use defense failed on two prongs of fair use analysis, namely that Ross’s service was a commercial venture that was not truly transformative, and that Ross’s service competed with Westlaw in the market and harmed Westlaw’s value. He said that the Supreme Court’s 2023 ruling in Andy Warhol Foundation v. Goldsmith guided his fair use determination.

Context – The fact that Ross’s service was inarguably not generative AI limits the value of the ruling on the huge questions around the legality of “training” the neural networks of major GAI models with non-licensed copyrighted material. In the EU, with its AI Act, regulators and AI expert groups will play key roles. In the US, copyright lawsuits targeting GAI giants will likely focus on fair use. Federal Judge William Orrick, overseeing cases involving image generating services trained on digital artworks, recently issued a ruling in which he explained that he is trying to ascertain how the GAI systems work. He will learn that they are not databases like Ross’s system. They do not store or retrieve copies. They “learn” from data and then produce new output. It will be interesting to see how courts react when GAI operators admit they don’t exactly know why their systems produce any particular output, hence the nagging existence of our favorite GAI concept, “hallucinations”.

European Commission Adds to their DSA Investigation of Shein

Report from TechCrunch

In Brief – The European Commission has formally requested a wide range of information from fast-growing Chinese ecommerce platform Shein as part of its investigation of the business under the Digital Services Act (DSA). The law was enacted in 2022 to regulate how digital platforms address illegal and objectional content. Twenty-five platforms have over 45 million active users in the EU and are designated Very Large Online Platforms (VLOPs), including five online marketplaces — AliExpress, Amazon, Shein, Temu and Zalando. The Commission announcement says Shein has been asked to hand over internal documents and detailed information on concerns including illegal content and goods on its marketplace, measures adopted to mitigate risks relating to consumer protection, public health and users’ wellbeing, and the transparency of its recommender systems. All three China-based marketplace VLOPs now face DSA investigations.

Context – Shein and Temu have built giant retail businesses shipping inexpensive consumer products and apparel directly from factories in China to consumers globally. To give some sense of their growth, the Commission claims that more than 12 million low-value packages, meaning each valued at less than 150 euros, came into the EU per day last year. That was double 2023 and triple 2022. The flood of these packages is disrupting the retail industry. Other retailers complain that duty preferences given to those low-value consignments are being misused by giant retailers who simply sell products from Chinese factories. Consumer groups are now focused on Shein and Temu for the sale of unsafe products. Along with the DSA investigations, the Commission is proposing a host of other initiatives, including eliminating the duty relief afforded low value shipments, and coordinating consumer protection actions. In the US, the Trump Administration has eliminated the US equivalent of the duty-free threshold for packages from China, which is set at $800. That change, primarily intended to impact Shein and Temu, is paused as US Customs officials work out compliance processes for the duty collections.

Macron Uses Paris AI Summit to Call for EU AI Regulatory Pullback

Report from Reuters

In Brief – French President Emmanuel Macron’s address to a global AI Summit in Paris called for Europe to recalibrate AI regulation to support innovation and made the case that France, with its AI talent and nuclear-powered electricity generating capacity, was well-positioned to lead the region forward. Against a backdrop of US President Donald Trump’s deregulatory focus on AI, which included Vice President JD Vance telling the summit (video here) that EU tech and AI regulation was excessive, and that the US was committed to its AI leadership, the overall tone of the summit was far less about avoiding risks and far more about achieving benefits. Speaking of European AI regulation, Macron said, “It’s very clear we have to resynchronize with the rest of the world.” EU Commissioner Henna Virkkunen, who leads on digital policy for Commission President Ursula von der Leyen, also told the summit that EU will simplify its rules and implement them in a business-friendly way. In her address, von der Leyen said she intends to make the EU “the AI continent” and announced investments in “public supercomputers” to serve start-ups and scientists and the creation of 12 “artificial intelligence factories.”

Context – When the EU enacted its AI Act last year many forecast it would be the global model for AI regulation. We didn’t see it then and trends are in the opposite direction. President Macron was a voice of restraint during the AI Act talks, cautioning against regulating general “foundation models”, which includes the AI giants, but also European upstarts like France’s Mistral. The EU, pressed by the Parliament, went the other way. The first AI Act rules came into force on February 2nd, with the focus on prohibited edge-case AI uses. But under the radar was also the AI Act mandate requiring all providers and users of AI systems in Europe to ensure that all staff and other persons dealing with AI systems have a sufficient level of “AI literacy”, adding new training and compliance burdens to even small AI developers and low-risk system users. The AI Act compliance calendar is long and rules for the big general purpose AI models come out later this year.

Antitrust Activists Push Back on UK Naming Amazon Exec to Head CMA

Report from TechCrunch

In Brief – A coalition of voices in the vanguard of antitrust activism against Big Tech have signed an open letter expressing concern with the UK Government’s recent decision to appoint a former Amazon executive as chair of the Competition and Markets Authority (CMA). Harkening back to the competition agenda that only last year led to passage of the UK Digital Markets, Competition and Consumers Act (DMCC) that created the Digital Markets Unit (DMU) inside the CMA to regulate the largest digital platforms, the group said that the new regulator needed to be “free from political pressure” if it’s to keep Big Tech in check and “unlock positive economic outcomes for the whole economy.” The letter was spurred by the recent removal of the Chair of the CMA Board of Directors for failing to effectively direct the antitrust regulator to prioritize the government’s economic growth agenda. Doug Gurr, a former Amazon executive who once led its UK business, was named as the CMA’s interim chair, which was taken by many observers as a signal of cooperation rather than conflict with giant tech companies.

Context – Presenting the UK as a more reasonable regulator than the EU, and therefore an appealing market for business investment, was always a theme of the pro-Brexit Conservative Governments. But their tech policies were schizophrenic. The differences between the UK DMCC and the EU DMA, or the UK Online Safety Act and the EU DSA, or the CMA’s Big Tech antitrust portfolio and the EU Competition Authority’s, were in the fine print and the UK’s slower and more orderly regulatory pace. And the Labor Party backed those laws. But AI and associated investment is now a top UK priority and PM Starmer recently said that his government will offer investors “stability, pragmatism and the good sense they would expect from democratic British values.” But there is much more to digital regulation than just AI. And while sacking the Chair of the CMA just as DMCC regulatory processes really ramp up sent one signal, there is the report that Apple is being ordered to end strong encryption by UK security services that will likely resonate negatively with many tech leaders.

Paris Prosecutors are Investigating X for Politically Biased Algorithms

Report from CNBC

In Brief – The Paris prosecutor’s office is investigating social media platform X for using allegedly biased algorithms. The probe by the public prosecutor follows a complaint filed by a lawmaker in Emmanuel Macron’s Ensemble pour la République party alleging that X fraudulently promotes content that aligns with the ideological views of X’s principal owner, Elon Musk. The prosecutor’s office said that magistrates and specialized assistants of its cybercrime section have been tasked with analyzing the submitted report and carrying out initial technical checks on the platform. The same cybercrime unit led the criminal probe of Telegram boss Pavel Durov, who was arrested last August for complicity in managing Telegram to enable illegal transactions. Durov, who is out on bail, denies the allegations, but Telegram has since said it is cooperating more closely with police to remove illegal content.

Context – Elon Musk’s high-profile interventions on political topics in numerous countries, often harshly criticizing progressive officials and backing populist conservatives, has led to a growing chorus of political leaders, especially in Europe, and including France’s Macron, calling for him to face sanctions for so-called “election interference.” The EU Digital Services Act (DSA) regulates how digital platforms police illegal and objectionable content online. Content relevant to politics and elections, often called disinformation or misinformation by opponents, is in scope for the regulators. The DSA’s backers say that the law protects free expression, but they also argue that law’s regulation of “recommender systems”, and how a platform accelerates or decelerates the circulation of political content, is different from regulating the content itself. Of course, critics disagree. Trying to make the case that using the DSA to direct or regulate how X promotes ideological posts, including Musk’s own posts, is not actually regulating political speech, will be quite a stretch. Expect the other US tech leaders under scrutiny in Europe to encourage President Trump to take a hard line on what has long been his top digital concern.

Microsoft Continues Trying to Settle EU Antitrust Concerns with Teams

Report from Reuters

In Brief – Microsoft has reportedly offered to widen the price differential between its Office 365 product sold with its chat and video app Teams and its version of the software sold without the Teams as part of its ongoing negotiation to avoid an EU antitrust fine. Message and collaboration app Slack filed an antitrust complaint with the European Commission in 2020 accusing Microsoft of illegally tying Teams to Office and Windows and the Commission opened a formal investigation in mid-2023. That fall, Microsoft offered to provide versions of Office and Windows in Europe without Teams, as well as offer a stand-alone Teams product. In April 2024 they announced that they would roll those changes out globally, saying that the expansion “addresses feedback from the European Commission by providing multinational companies more flexibility when they want to standardize their purchasing across geographies.” Microsoft critics have argued throughout this process that the pricing differences between the different Microsoft services were not adequate. For example, the Office 365 suite without Teams was priced €2 less per month than the plan that included Teams, while the standalone price of Teams was €5 per month, and that Teams price is lower than that of top competitors. It is not clear whether Microsoft intends to offer a less expensive version of Office without Teams, raise the price of Office with Teams, or some combination of both.

Context – The regulatory mesh surrounding Microsoft is far more advanced in Europe that in the US. Microsoft is a “gatekeeper” under the Digital Markets Act and its Windows OS and LinkedIn are regulated as “core platform services.” However, the European Commission did not designate Office 365 as a core platform, so the law’s regulatory mandates do not apply and the Teams matter is consigned to traditional antitrust enforcement. On the other hand, the German Federal Cartel Office has wider authority to regulate all Microsoft services. Although the US FTC opened an investigation of Microsoft in the waning days of the Biden Administration, it is not clear how it will proceed in the new Administration.

Ending De Minimis for China Paused While US Works on Compliance Plan

Report from the Washington Post

In Brief – The Trump Administration has amended its executive order that imposed new tariffs on China, Canada, and Mexico, and ended the “de minimis” exemption for packages from those countries, by delaying the de minimis change until the US Commerce Department has policies in place to “fully and expediently process and collect tariff revenue” for the shipments. While the new tariffs on Canada and Mexico were paused before they went into effect, the added duties on products from China have entered into force, which meant an end to the de minimis exemption that currently applies to around 4 million daily packages valued at under $800 shipped from China. That number has grown rapidly as app-based retailers, most notably Temu and SHEIN, built big businesses shipping inexpensive consumer products and apparel directly from factories in China to online consumers in major markets globally.

Context – Drastically scaling back the de minimis rules has been a long-time goal of retailers that import products in bulk from China and distribute them in stores. Anything to increase the costs of competitors helps them. While claims related to drug precursors flowing through packages have been made for years, the real issue is tax disparities. When tariffs are low, the disparities are small and tradeoffs between different business models are balanced, but as tariffs escalate, which is the case with President Trump’s trade interventions, disparities are more meaningful. The US Postal Service, and private shippers like FedEx and UPS, have all long-supported the de minimis policy because it facilitates their ability to handle huge volumes of low-value packages where the compliance costs of calculating the tariff rates, and potentially inspecting packages, far outweighs the revenue collected. They are certain to want to work closely with the US customs officials to get the “expediently” part of the new order right. In Europe, the EU is exploring their own Temu and SHEIN-inspired rule changes. As Temu and SHEIN react to US de minimis changes, one sectoral winner may be distribution center builders and operators.

Judge Tersely Rejects Apple Efforts to Join the Google Search Antitrust Case

Report from The Verge

In Brief – US District Court Judge Amit Mehta has summarily denied Apple’s emergency request to stay his recent decision rejecting their effort to halt the Google Search monopoly trial and join the litigation directly to protect their interests, in particular the highly lucrative agreement Google has had to be the default search provider on Apple devices. Last August, Mehta sided with the US Department of Justice (DoJ) and ruled that Google held a monopoly in the market for general internet search and engaged in illegal conduct to maintain that search monopoly, especially through large payments to Apple and Samsung to make its search engine the default option on smartphones and browsers. Judge Mehta will determine Google’s penalties and corrective actions this year, with the in-court portion of the trial’s remedies phase set for April. Last fall, the DoJ asked for very aggressive conduct remedies including forcing Google to spin off its Chrome browser, modify Android, restrict AI efforts, and allow competitors to access Google’s search data. Google called it a “wildly overbroad proposal” that went “miles beyond the Court’s decision” and submitted an offer that would prohibit it from engaging in the conduct Mehta ruled illegally protected Google search from potential competitors. Apple then requested to join the litigation claiming that Google was not likely to defend the contract relationships that pay Apple almost $20 billion a year.

Context – If Judge Mehta accepts even some parts of the DoJ remedy it would be the most aggressive US effort to rein in a tech giant since the DoJ attempt to break up Microsoft in 2000. It would be even more striking given his relatively narrow findings of illegality and harm. The aggressive Biden antitrust enforcers have moved on but some high-profile officials in the new administration have been very critical of Google in the past. President Trump has often complained that Google search treats him unfairly but has also said breaking up big US companies like Google might be a bad idea. Finally, Judge Mehta certainly knows that Judge Thomas Penfield Jackson’s order breaking up Microsoft in 2000 was overturned on appeal.

UK Kicks Encryption Hornets’ Nest by Demanding Apple iCloud Backdoor

Report from the Washington Post

In Brief – The UK Government has reportedly issued secret orders to Apple demanding that the company provide a backdoor for security authorities to access users’ encrypted iCloud data. The unprecedented demand, made in January, was filed under the UK Investigatory Powers Act (IAP). The government is demanding the ability to access all end-to-end encrypted files in its cloud uploaded by any user worldwide. Even revealing that the UK Government made the demand is a criminal offense under the law. Apple expanded the use of highly secure end-to-end encryption within the iPhone ecosystem globally in 2022 by allowing users to choose to encrypt iCloud data which had previously not been encrypted. Last year, the company made a submission to the UK Parliament that flagged concerns about the IPA threatening encryption and user privacy.

Context – Encryption is another example of the UK’s digital policy schizophrenia in aiming to be a European haven of tech investment and innovation while pressing digital regulatory and legislative initiatives that run completely contrary to that goal. The Online Safety Bill was nearly derailed in 2023 by concerns that it could outlaw end-to-end encryption in the UK, leading top messaging services to threaten to abandon the market. Although the standoff was defused by a minister stating that no change on encryption was forthcoming, the matter was reopened by proposed changes to the IPA in 2024. The UK’s latest move may in part reflect a perceived shift in Washington, as the tech giants, including Apple, were repeatedly criticized during the First Trump Administration for encryption practices officials said protected criminals. Apple reportedly delayed iCloud encryption during President Trump’s first term due to US law enforcement opposition. However, the new Trump Administration has a much larger digital wing. Finally, the new UK demand is reportedly global in scope, and privacy defenders in the EU have successfully pushed back on encryption threats in the “Chat Control” legislation, and the European Court of Human Rights has ruled that giving governments a general encryption back door is a human rights violation.

China’s Response to New Trump Tariffs Includes Threat to Google

Report from the New York Times

In Brief – China has included an antitrust investigation of Google in its trade retaliation package responding to the United States’ new 10% across-the-board tariff on Chinese exports to the country. The announcement simply said that the State Administration for Market Regulation (SAMR), China’s competition authority, would investigate Google for possible violations of the country’s antimonopoly law. While Google has not operated its core products, such as Search or YouTube, in China for years, largely due to its refusal to abide by China’s censorship regime, the company does work with Chinese businesses to help them connect with, advertise to, and make devices for internet users outside of China. Last December, SAMR opened an antitrust investigation of US-based chip giant Nvidia, likely in retaliation for ongoing US restrictions on chip sales to China, and a multiyear SAMR investigation of Apple over App Store fee levels charged China-based iPhone app developers may also be accelerated as part of the current trade battle.

Context – China’s plan to pull US tech companies into their US trade showdown may be a precursor of other likely trade conflicts during the first part of the Second Trump Administration. The EU has reportedly been developing a strategy to deal with a US tariff broadside promised by President Trump. Among the potential responses, which include targeted retaliatory tariffs designed to impact politically sensitive US regions and industries, is the possibility that US digital giants are targeted using the EU’s new trade retaliation tool called the “Anti-Coercion Instrument” that allows service industry providers to be hit by tariffs and a wide range of other countermeasures, even including revoking intellectual property rights inside the EU. Many of the leaders of the US digital giants have a much different relationship with President Trump than last time and have increasingly called for US Government help to deal with EU regulation. As political allies of the President they might now be seen as more justifiable sanction targets, or maybe they are seen as too close to the throne to really go after, at least in early days.

DeepSeek Blocked in Italy by Data Protection Authorities

Report from EuroNews

In Brief – Italy’s data protection authority, the Garante, has ordered China-based chatbot phenom DeepSeek to block its chatbot in the country after the company failed to address the regulator’s concerns over its privacy policy and data practices. The regulator is focused on the collection and use of data related to Italian users, including what personal data is collected by the chatbot app, for what purposes, on what legal basis, and whether it is stored in China. The Garante said in a statement that the response of the Chinese company to their inquiry was “completely insufficient” and included the claim that it should not be subject to local regulation in Italy or the jurisdiction of the Italian regulator and had no obligation to provide the agency with any information. Apple and Google have removed the DeepSeek apps from their app stores in Italy.

Context – When OpenAI’s Chat-GPT burst onto the stage in late 2022 it upended AI expectations and discourse, and AI-related public policy too. The Garante made a splash in early 2023 by banning the chatbot for failing to conform with the EU’s GDPR privacy law. The regulator questioned many aspects of OpenAI operations including how it collected data to train its models, the implications of hallucinations about individuals, the inability to keep children off the app, and how the company handled user personal information. OpenAI eventually reached an agreement with the regulator focused on how it collected and handled the data input into their systems by Italian users via signups and queries. While the EU has since enacted its AI Act to regulate all AI applications, including chatbot LLMs, European privacy regulators continue to engage in AI regulation as well via EU privacy law. This overlap has been criticized by some corporate AI developers for creating regulatory uncertainty in Europe. DeepSeek being based in China is also an issue with some governments. Researchers have identified that the app transfers user data directly to a Chinese state telecom operator, and government agencies, including in the US, Australia, and South Korea, are moving to prohibit the app on government employee devices.

Apple Criticizes New EU DMA Regime that Allows iPhone Porn Apps

Report from The Verge

In Brief – Apple reacted to the public introduction of Hot Tub, an iOS pornography app that will be available to iPhone users in the EU through the alternative app store AltStore PAL, by criticizing the European Commission’s regulatory decisions. Although AltStore PAL described the porn app as the first ever “approved” by Apple, the iPhone developer derided the claim saying, “Contrary to the false statements made by the marketplace developer, we certainly do not approve of this app and would never offer it in our App Store. The truth is that we are required by the European Commission to allow it to be distributed by marketplace operators like AltStore and Epic who may not share our concerns for user safety.” The EU Digital Markets Act (DMA) prohibits the largest “gatekeeper” platforms, including Apple, from preferencing their own services or prohibiting competitors from operating on their core services unless they would harm the hardware or software. Both AltStore PAL and Hot Tub cleared that technical review. But their content violates longstanding Apple App Store rules and are available only due to EU mandates. Apple added, “This app and others like it will undermine consumer trust and confidence in our ecosystem that we have worked for more than a decade to make the best in the world.”

Context – There are 7 DMA gatekeepers that operate 24 “core platform services” that must comply with 18 regulatory mandates. Apple has four covered services, including the App Store. The DMA challenges Apple’s core user proposition more than the other gatekeepers. Rather than using technical or non-transparent practices to shape its platforms, Apple built an openly restrictive “walled garden” with a value proposition that the Apple platform was better at promoting privacy, security, and a consistent user experience, including blocking porn apps. And their devices have been very popular with users. Last June, the Commission determined that Apple’s changes to its App Store rules and fees were insufficient and a fine is expected, although EU tech mandates and fines have been criticized by US President Donald Trump and may be under review.

Google Faces Skeptical Judges in Appeal of Antitrust Loss to Epic Games

Report from Bloomberg

In Brief – Lawyers for Google and Epic Games faced off in front of a panel of US Ninth District Court of Appeals in Google’s challenge of its antitrust loss to Epic Games and the subsequent remedies crafted by Federal Judge James Donato. A jury ruled that Google violated federal antitrust law in the operation of its Android mobile operating system and the Google Play app store. Judge Donato then crafted remedies that include allowing app developers to stop using Google’s payments service that collects Google’s fees, requires Google to allow developers to distribute their own app store apps in the Play Store, and gives those third-party app stores access to all the apps available on the Play Store. Google argues that the jury ignored the robust competition between Apple and Android, in part due to improper instructions from Donato, and that their decision runs counter to the federal court ruling that Apple’s similar app store restrictions are legal. Google also argued that the trial should not have been before a jury and that Donato’s remedies go well beyond the facts of the case. The appeals court panel seemed especially skeptical of Google’s argument that their loss should be rejected because Apple won, as well as that they had a legal right to change to a bench trial very shortly before the trial was set to begin.

Context – Epic filed antitrust suits against both Apple and Google in 2020. Apple largely prevailed. Google lost. The fact that the “closed” Apple ecosystem with a larger market share was on the right side of antitrust law struck many as odd, but Apple had a bench trial while Google faced a jury of people potentially primed against Big Tech, and Google’s complicated regime of rules, contracts, and revenue-sharing deals, especially with device makers, proved problematic. Similar company practices were a big problem in Google’s antitrust loss to the US Department of Justice that determined they maintained a monopoly in online search. While Epic is challenging Apple’s compliance to an anti-steering order in another federal courtroom in California, both companies are facing demands to open app distribution in Europe, Japan, South Korea and other markets.

First EU AI Act Rules Come into Force Banning Unacceptable AI Uses

Report from TechCrunch

In Brief – The first regulatory compliance deadline of the EU AI Act went into effect on February 2, 2025, with companies required to comply with the rules related to AI applications that are prohibited under the law except with very limited exceptions. The AI Act categorizes AI applications into four risk levels: minimal, limited, high, and unacceptable. The initial set of rules apply to the highest risk AI systems that are basically never allowed. They include systems to build social credit scores or determine individuals’ risk profiles, using biometrics to infer a person’s personal characteristics, like their sexual orientation, or systems that try to infer peoples’ emotions at work or school. The collection of “real time” facial recognition in public places is restricted but not banned for law enforcement. The law also prohibits the creation, or expansion, of facial recognition databases from security cameras, or, in a shot at Clearview AI, from scraping images from online sources. While complying with this first set of rules will be mostly pro forma for large AI developers, a lengthy compliance timeline related to other AI Act guidelines follows, including the rules to be imposed on the largest general Generative AI systems.

Context – The biggest question in AI public policy remains whether governments are moving toward direct regulation or “soft law” governance. Some believe regulatory guardrails will benefit AI development by easing user uncertainty. Others argue the burdens will breed uncertainty, slow innovation, and drive entrepreneurs and investment elsewhere. The EU’s AI Act is the standard for regulation. The Trump Administration revoked the Biden AI executive order and is in the investment-focused camp, and the Starmer Government is focused on AI investment as well. Inside the EU, final AI Act holdouts included champions of local generative AI leaders such as France’s Mistral. The breakthroughs of China-based AI upstart DeepSeek gives EU challengers hope, but the coming rounds of the EU’s AI regulations are unlike anything likely to emerge in the US, or in China either, where AI guardrails are focused on state censorship rules.

DoJ Sues to Block HPE – Juniper Networks Deal

Report from Bloomberg

In Brief – In its first major merger action since the beginning of the second Donald Trump Administration, the US Department of Justice (DoJ) has sued to block the $14 billion acquisition of Juniper Networks by Hewlett Packard Enterprise (HPE). The DoJ’s complaint, filed in federal court in California, argues that the deal would combine the second and third largest competitors in the WLAN (Wireless Local Area Network) market for networking gear used by large enterprises and leave the top two WLAN providers, Cisco Systems and HPE, with 70% of the US market. The DoJ extensively cited internal HPE communications over years detailing the competitive pressure from Juniper, with HPE shifting strategy in 2024 from beating the growing rival to acquiring the competitor, as well as providing market share analysis that the agency claims show the acquisition violating traditional anticompetitive thresholds. In a joint statement, HPE and Juniper said the Justice Department’s analysis was “fundamentally flawed”, ignores “well capitalized competitors in the US”, and that they will defend the acquisition in court. The reported walk-away date for the deal is in October, which should allow time for an initial court ruling.

Context – The aggressive antitrust agenda of the Biden Administration contributed to some high-profile opposition in the business and M&A communities, especially in high tech. Despite the new administration including several economic populists that are very critical of the largest digital giants, led by Vice President Vance and some top officials at the enforcement agencies, there has been widespread belief that antitrust enforcement would moderate some, at least beyond the treatment of the biggest of Big Tech. Therefore, this acquisition challenge, which began during the previous administration, is seen as a potentially important signal. However, don’t miss the China angle. While the EU and the UK enforcers cleared the acquisition last year, there has been less concern with China-sourced network gear in Europe than in the US, and Huawei is a top WLAN competitor that the DoJ will likely want to remove from US market share considerations.

Mobile Device Location Data Broker Kochava Settles Privacy Class Action

Report from MediaPost

In Brief – Kochava has reached a settlement in a private class action lawsuit that will require the data broker to make several major privacy changes. The agreement filed with US District Court Judge B. Lynn Winmill requires the company to implement six policy changes, including allowing consumers to opt out of the collection of their geolocation data through a simple web form, block the sharing or use of raw location data associated with so-called “sensitive” venues including health care facilities, schools, and jails, and ensure that location data that is collected during the operations of an app can only be used by that app’s developers unless the user has consented to general location sharing. The company also agreed to pay the plaintiffs’ lawyers $1.5 million and provide $17,500 to each of the lead class members, but beyond that there was no financial award. If approved by Judge Winmill, the settlement will resolve several lawsuits that were filed in 2022 and 2023 after the US Federal Trade Commission charged Kochava with acting unfairly by allegedly selling mobile device data that could expose sensitive information, such as whether people visited doctors’ offices or religious institutions.

Context – Judge Winmill is also presiding over the FTC’s lawsuit against Kochava. The judge dismissed the initial FTC foray as too “theoretical” and that failed to show evidence that the sale or use of the data collected by Kochava caused any actual substantial injuries. But he agreed in his review of the subsequent effort that it was possible that if Kochava’s business customers could purchase data that is granular and non-anonymized that it could expose consumers “to significant risks of secondary harms” and could be an “unfair” trade practice. Kochava’s CEO has argued that the regulator’s lawsuit was “really about the FTC attempting to make an end-run around Congress to create data privacy law.” Although there were widespread business concerns with the regulatory activism of the FTC led by Chair Lina Kahn, the new Chairman, Andrew Ferguson, did support the filing of the FTC’s second amended complaint against Kochava last July.

German Court Appears Likely to Reject Apple’s Challenge to Special Antitrust Standard

Report from Bloomberg

In Brief – Apple’s legal challenge to the German Federal Cartel Office (FCO) designation that they are a digital company “of paramount significance on competition across markets” appears to face skeptical judges on the Federal Court of Justice in Karlsruhe, the country’s top civil court. Apple is one of five digital giants, along with Google, Meta, Amazon, and Microsoft, that are covered by Section 19(a) of the German Competition Act that enables the country’s competition regulator to prohibit the largest digital companies from undermining competition in any market in which they operate. The law requires the FCO to first determine if a digital company meets the standard of having paramount significant across markets, and then the agency can establish rules to protect competition in the markets they occupy, such as prohibiting preferential treatment for their own services or hindering interoperability. The FCO ruled in April 2023 that Apple was so designated, but the iPhone giant challenged the determination arguing that the FCO did not present an accurate picture of the hardware market in Germany and the competition that Apple faced. In the hearing, Presiding Judge Wolfgang Kirchhoff cited a long list of reasons why Apple likely qualifies for tighter regulation under Section 19(a), including its financial power, its market shares, and the fact that it bundles its hardware and software products.

Context – The German law allowing the FCO to regulate digital giants was a harbinger of the EU’s Digital Markets Act. Some German officials have questioned the DMA for being too limited in the types of conduct they can address. While there are seven DMA “gatekeepers”, only 24 of their designated “core platform services” are covered by the law. Section 19(a) authority allows the FCO to regulate any service of a designated digital giant. For example, the FCO used its authority to regulate Google’s auto services that are currently outside the scope of the DMA. Allegations that Microsoft uses Office 365 to benefit products like Teams and its cloud services are not in scope for the DMA, but they are for the FCO.

UK CMA Targeting Apple and Google Mobile Systems with DMCC Probes

Report from TechCrunch

In Brief – The UK Competition and Markets Authority (CMA) has opened investigations of the mobile ecosystems run by Apple and Google under the Digital Markets, Competition and Consumer’s Act (DMCC) to determine if the two digital giants have “strategic market status” (SMS) under the law designed to protect competition in digital markets. The regulator has been investigating the two mobile businesses since 2022, including their operating systems, app stores, and access to hardware capabilities. The CMA will be looking at “competition between and within” Apple’s and Google’s respective ecosystems, including whether the two “favour their own apps and services” or use barriers that may be preventing others from competing. Apple responded to the announcement saying, “We face competition in every segment and jurisdiction where we operate, and our focus is always the trust of our users,” while Google said, “Android’s openness has helped to expand choice, reduce prices and democratise access to smartphones and apps” while noting its open-source operating system. The SMS processes for the Apple and Google mobile ecosystems are expected to run through October.

Context – The chance that the Apple and Google mobile ecosystems won’t have SMS per the DMCC is near zero. The same will be true in the Google Search probe opened two weeks ago, and almost certainly in the DMCC probes of Amazon AWS and Microsoft cloud businesses expected from the CMA soon. All four companies are “gatekeepers” under the EU’s Digital Markets Act (DMA), and the DMCC is the UK’s parallel digital regulation regime. The DMA imposes 18 high-level mandates on 24 platforms of seven gatekeepers while the DMCC aims to impose a company-by-company tailored set of rules. That rule-setting process is now underway as the UK’s Starmer Government tries to chart a regulatory path that is perceived as more digital business friendly than the EU to promote more tech-led economic growth, with highlights including the recent sacking of the Chair of the CMA and a new Growth and Investment Council with business leaders.