EU Tasks Experts with Developing AI Act Rules for General Purpose AI

Report from Euractiv

In Brief – The European Commission announced the chairs and co-chairs of the working groups to develop the first Code of Practice for “general purpose AI systems” like Chat-GPT that is required by the EU’s AI Act and held the first plenary meeting. The code will flesh out the rules for providers of general-purpose AI models that will apply starting next August. Four working groups will focus on data transparency and copyright, risk identification and assessment, technical risk mitigation, and internal risk management and governance of AI developers. The 13 leaders bring significant technical, legal, social, and scientific expertise, includes citizens of the EU, United States, and Canada, and is heavily weighted to representatives of academic and research institutions. The first online plenary session was on September 30 and three more are planned before a closing plenary in April. Among the chairs are Yoshua Bengio, a professor at the University of Montreal who is often referred to as one of the three ‘godfathers of AI’, who will lead the risk mitigation group, and Marietje Schaake, a former MEP and now a fellow at Stanford’s Cyber Policy Centre, who will lead the governance group.

Context – The AI Act was initially designed as a tiered risk-based regulatory regime for applications using AI technology not AI technology itself. The stir created by the release of Chat-GPT caused the EU Parliament to change course and include regulation of large “foundation models” regardless of application. This shift was divisive and EU-based AI innovators pushed for lesser mandates on developers of smaller models. Many business leaders continue to argue that Europe imposing strict rules will drive investment and innovation to countries that hold back on AI regulation. The legislation pushed many specifics to the regulatory process, including rules that will emerge in this code. Some especially divisive issues include the application of copyright law and data privacy to AI model training, the transparency of AI models, and responsibility for harms caused by downstream AI applications and users.

eBay Wins Dismissal of Department of Justice Lawsuit Over Unsafe Products

Report from Reuters

In Brief – US District Judge Orelia Merchant has dismissed a lawsuit filed by the US Department of Justice (DoJ) that accused eBay of unlawfully selling “hundreds of thousands of products” that violated a range of environmental laws. The products were all sold by third-party sellers using the eBay marketplace, with the sellers holding possession of the products. The judge largely based her ruling on Sec. 230 of Communications Decency Act, rejecting the DoJ arguments that the platform was liable for the actions of its users and that eBay was a seller of the products because it was involved in the exchange of the money, noting instead that eBay never held title or possessed the products at issue. Merchant added that eBay’s administrative and technical support to sellers “does not materially contribute to the products’ alleged unlawfulness” and does not make the company itself a “publisher or speaker” on sellers’ behalf. eBay said maintaining a “safe and trusted marketplace” was fundamental to its business and it would continue to invest significant resources to prevent prohibited items from being sold on its platform.

Context – This decision reinforcing the long-standing understanding that Sec. 230 liability protection applies to online marketplaces is an obvious win for third-party ecommerce services providers. It’s also noteworthy that Judge Merchant highlighted that eBay was operating as a marketplace platform rather than possessing and handling the products in question. This is a very different scenario from Amazon in a recent ruling by the US Consumer Product Safety Commission (CPSC) that requires the ecommerce giant to abide by retailer-like recall requirements when products are sold on its ecommerce site by third-party sellers and are also physically handled in the company’s fulfillment centers. Those products look more like items provided by wholesalers in the traditional retail context rather than independent retailers selling on a true third-party marketplace. The CPSC, the FDA, and several product liability lawsuits are all now pushing the legal and regulatory argument than when Amazon operates both a marketplace and logistics network holding products that they are a retailer-like business.

Google Files EU Antitrust Complaint Against Microsoft for Cloud Practices

Report from the Wall Street Journal

In Brief – Google said it has filed a formal complaint against Microsoft with the European Commission antitrust regulator accusing the software giant of abusing its market power in enterprise software to push businesses to use its Azure cloud platform and keep them locked in. Microsoft is the #2 cloud services provider in Europe, with Amazon tops, Google third, and Alibaba fourth. Google is not the first cloud services competitor to complain to EU officials about how Microsoft uses software licensing terms, pricing, and other practices to incentivize business customers who use their market-leading software packages to also use Microsoft cloud services. EU-based cloud providers, each smaller than the top US and China-based companies, filed similar complaints against Microsoft in 2022 and the two sides settled in July after Microsoft agreed to make changes to their software practices. However, those Microsoft policy changes only apply to software customers who use the EU cloud providers, not Amazon, Google and Alibaba. While Google and Microsoft had a legal and public policy truce for a while, that’s long passed.

Context – Allegations that Microsoft leverages its dominant software packages, including Office 365 and Windows OS, to preference its other digital services, is a complaint that extends beyond Azure cloud services. The European Commission recently found that Microsoft has engaged in anticompetitive conduct by bundling its Teams service into Office 365 nearly four years after Slack filed an antitrust complaint. German software company NextCloud accuses Microsoft of unfairly bundling its OneDrive cloud system into Windows. The EU’s Digital Markets Act (DMA) regulatory regime will likely impact some or all of these issues at some point. Microsoft is a DMA gatekeeper (as are Amazon and Google). Microsoft’s Windows OS and LinkedIn are currently designated as regulated core platforms. And while the DMA does apply to cloud services, none of the gatekeepers’ cloud businesses have so far been designated as regulated core platforms.

FTC Releases Staff Report Detailing Lots of Data Collected and Used Online

Report from the Washington Post

In Brief – The US Federal Trade Commission has released a 129-page staff report that sums up the findings of a four-year study of the data collection and use practices of nine of the largest social media and video platforms. Besides noting that the companies collect immense volumes of user data, the FTC staff criticized them for using the data to power advertising services, direct content to users that is designed to keep them engaged on their platforms, and train AI systems. The fact that many young people, including teens, use the services, also comes in for much criticism. The report includes calls for Congress to extend COPPA regulations up to the age of 18 and also enact “comprehensive federal privacy regulation”.

Context – In the spirit of Casablanca’s Captain Louis Renault, the FTC is shocked, shocked to find that data collection and targeted advertising is going on over the internet. Like most things involving social media, there is a thin sheen of bipartisanship covering deep partisan fissures. All five FTC commissioners voted to release the report but there is little substantive agreement beyond there. The process began during the Trump Administration and many Republicans continue to complain that the platforms discriminate against conservative viewpoints. The two Republican commissioners submitted statements that are quite critical of the report. The FTC’s Democratic majority are fully committed to online advertising being anti-privacy and anti-consumer, deriding data collection as “commercial surveillance”. Moving beyond the political theater of the report, it’s worth taking the temperature of privacy-related federal bills. “Comprehensive” privacy legislation seems unlikely. A deal between House and Senate committee chairs has hit a House stumbling block. Other big hurdles include the legislative calendar, business antipathy for the current FTC, and GOP reluctance to give President Biden a big win. So, progressives are calling on FTC Democrats to enact federal privacy regulations now. Finally, some manner of online “child safety” legislation, such as expanding COPPA, is sure to be pitched in a post-election Lame Duck.

Meta Responds to Polish Copyright Law by Changing News Links

Report from Notes From Poland

In Brief – Facebook has changed how news links appear on its site in Poland, announcing that it will no longer include images and text summaries when third parties post media stories. Only the title and link will appear. The company says the policy is in response to the new Polish copyright law, which includes so-called “neighboring rights” for copyright holders. Facebook alleges that the proper treatment of non-commercial posts from third parties is not clear and therefore it will not add images or summaries that could require trigger payments. Media companies are directed to ensure that their own posts are properly labeled so that Facebook’s systems include images and summaries. Media companies reacted harshly, accused Facebook of exploiting its dominant position, and said they would explore legal action.

Context – This is one more front in the global media company campaign to have governments force Google and Meta to pay them when their content appears on the platforms. One thread involves government-supervised binding arbitration imposing licensing rates, which started in Australia, was picked up by countries including Canada, and has been considered by the State of California. While Google and Facebook agreed to pay media companies in Australia, Meta has since diverged from Google, blocking media posts in Canada to avoid the payments regime, and threatening to do so in California and Australia. Google pays in all those locales. In the EU, the 2019 Copyright Directive created neighboring rights to require license payments for news snippets. France changed its copyright law and called for Google to pay media companies. When Google threatened to stop using snippets, France’s antitrust regulator determined that stopping snippets was an abuse of Google’s search dominance and directed Google to pay. Poland is the last EU member state to implement the Copyright Directive, and its final version addressed media complaints. Meta’s reluctance to pay media companies when users, rather than Meta, post news content, is in line with their recent policy. The next big decision likely rests with Polish competition regulators.

Google Likely to Get a Negative DMA Preliminary Finding on Search Plan

Report from Bloomberg

In Brief – The European Commission is reportedly planning to issue preliminary findings that Google is not meeting the requirement of the Digital Markets Act (DMA) to treat vertical search rivals fairly. The formal chargesheet is expected in October, although the upcoming changeover in Commission leadership could delay the release. How Google’s main search service treats so-called “verticals”, specialized websites to search for things like hotels, airfares, retail products, local services, or jobs, has been a top concern regarding Google’s DMA compliance plan. Many vertical search providers believe that they have long been penalized by the digital giant who was intent on bolstering its own specialized search offerings. The concern sparked the EU’s first antitrust case against Google, and vertical providers continue to call on regulators to demand better treatment from Google. At the same time, many companies that aim to sell directly to online consumers, such as airlines, hotel chains, and retailers, argue that they should not be penalized in Google search results. Commission officials recently held a series of workshops with search market stakeholders, followed by a meeting with Google representatives. One proposal reportedly floated by the search giant would give users the option of navigating to alternative vertical search platforms or to directly search suppliers, such as hotel and airline websites. The Commission is due to issue its final decision on Google’s DMA plan by March.

Context – There are currently 7 DMA gatekeepers, and they operate 28 “core platform services” that are required to comply with the law’s regulatory mandates. In March, the Commission opened compliance investigations of Apple’s App Store, Meta’s plan to offer an ad-free subscription alternative for Facebook and Instagram, and Google’s treatment of vertical search. The Commission has already issued preliminary findings against Apple and Meta and looks set to add Google search to the mix. EU referees are certain to hear endless advice on how Google should do search in a fair way from here to the end of time.

California Governor Vetoes Landmark AI “Safety” Regulation Bill

Report from the Washington Post

In Brief – In a much-anticipated decision forced by the California State Legislature passing a bill to create the first major artificial intelligence regulatory regime in the US, Governor Gavin Newsom (D) vetoed SB 1047. The bill was the subject of intense lobbying for and against, serving as a proxy debate over AI regulation in the US as the Congress refrains from backing meaningful AI legislation. Many of the biggest California-based tech companies and leaders of state’s venture capital sector argued that the bill would reduce AI innovation and investments in the state. Advocates of so-called AI “safety” claimed that the bill only required large AI developers to implement AI testing and reporting policies that they have already committed to. The bill applied the most stringent mandates to AI models that involved at least $100 million in investment, and Newsome argued that this focus on large AI models ignored the possibility that smaller AI systems could involve highly sensitive data or be used in high-risk situations, while bigger models might be used to handle low-risk activities.

Context – The veto is likely about investment and is best understood in the context of the EU’s landmark AI Act. It was initially designed as a “risk-based” technology-neutral regime with mandates based on the purpose of the application using AI technology, not the underlying AI technology. However, the EU Parliament changed course following the sensational release of Chat-GPT and the final version of AI Act regulates large “foundation models” regardless of application. Newsome’s critique of SB 1047 harkens back to the risk-based theory rather than special mandates for the largest system. US progressives generally applaud aggressive tech regulation that is enacted in Europe but fails in the US Congress, including the expansive AI Act. They were among the top backers of the California bill. Just as critics of the EU regime argue it will nudge European AI innovators and entrepreneurs to move to the US to grow businesses, critics of the California bill were saying the same about pushing AI commercialization to less regulatory states. They prevailed in Sacramento.

Flipkart Sellers Suing to Delay Indian Marketplace Antitrust Case

Report from Reuters

In Brief – Three large Flipkart sellers have filed suit to block the Competition Commission of India’s (CCI) investigation of Amazon and Flipkart that found the two ecommerce marketplaces and several of their largest sellers in violation of competition laws. The antitrust agency, which began an investigation of the two leaders in Indian ecommerce in 2020, found that both US-owned platforms violated competition law by giving a few large-volume sellers preferences to boost their sales compared to other smaller retailers. A former high-volume apparel seller on Amazon’s marketplace, the largest in the country, filed a similar suit last week and won a temporary injunction from the High Court in Karnataka state. The three mobile phone sellers on Flipkart, which is owned by Walmart and is the country’s second-ranked marketplace, allege that they were called to submit data to help the CCI’s investigation, cooperated, but were later named as accused, which they argue violates due process.

Context – The Indian ecommerce market, hyped for long-term growth potential, has followed a unique development path due to the country’s strict foreign investment laws that prohibit foreign ownership of multi-brand retail businesses, online or offline, but allows third-party marketplaces for independent sellers to be owned by non-Indian businesses. Therefore, the country’s US-owned ecommerce leaders structure operations as marketplaces providing a platform for independent retailers. But they have faced years of accusations from Indian retailers that they violate the FDI laws and operate as retailers with a few giant sellers actually serving more like wholesalers. The charges against Amazon were highlighted by a 2021 Reuters expose based on leaked documents that detailed how Amazon operated its business without any formal first-party retail. Flipkart appealed to the Indian Supreme Court that there was no similar evidence surrounding its seller practices, but it was turned down. Throughout, Amazon has also been engaged in a pitched legal and business competition with Reliance Industries, an emerging domestic ecommerce powerhouse owned by Mukesh Ambani, India’s richest man.