News insights
July 2024
California State Supreme Court Upholds Prop. 22 Protecting Gig Driver Model
Report from the New York Times
In Brief – In a unanimous decision, the California Supreme Court upheld the validity of state Proposition 22 that overruled California’s AB 5, legislation that would have forced “Gig Work” companies like Uber, Lyft, and DoorDash to classify drivers and delivery people who used their platforms as company employees. AB 5 was enacted in 2019 and the big ridesharing and delivery platforms were top targets, but many industries that traditionally used independent contractors were caught up and lobbied to be exempt. Some were excluded in the original law and some in further changes enacted in 2020. However, the state legislature rejected the ridesharing and delivery companies who then appealed directly to California voters with ballot initiative Prop. 22 to exempt their industries from the law and allow their workers to remain independent contractors while requiring the platforms to provide some employee-type benefits. Prop. 22 comfortably passed in the 2020 election, but it was challenged in court on technical grounds by opponents arguing it was too broad and too restrictive of the state legislature. The state litigation has finally run its course with a major win for the backers of Prop. 22, preserving the independent contractor model for their industries’ workers. Gig work opponents criticized the decision and the platform companies, and indicated that their litigation strategy might turn to challenging company benefits policies.
Context – Just weeks ago, the Federal Ninth Circuit Court of Appeals rejected a lawsuit by Uber and Postmates to overturn AB 5, arguing it violated the Equal Protection clauses of US and California constitutions by exempting many industries but not theirs. That decision would have mattered a lot more if the California Supreme Court voided Prop. 22. But it didn’t. So the ridesharing and delivery platforms remain exempt. While reclassifying platform-enabled independent workers into employees has been at a standstill in the US since Prop. 22 played out in deep blue California in 2020, the biggest ridesharing companies recently agreed to new driver minimum wage deals in Minnesota and Massachusetts, a move that will likely proliferate.
Spanish Competition Authority Investigating Apple’s Developer Terms & Conditions
Report from TechCrunch
In Brief – Spain’s antitrust regulator, the National Commission for Markets and Competition (CNMC), has announced that it is investigating Apple for imposing unfair terms on developers using the App Store to distribute their applications. The probe is notable because the European Commission Competition Authority recently announced its own investigation of Apple’s App Store policies as the company’s regulator under the new Digital Markets Act (DMA). The Commission believes that Apple fails to allow app developers to freely steer consumers to alternative buying channels outside the Apple ecosystem, questions fee levels imposed on off-Apple purchases, and is looking at the company’s proposal for a new per-download “Core Technology Fee” for large developers. The CNMC appears to be trying to supplement but not overlap the EU effort so that it can engage with Apple at the same time. It is targeting Apple’s developer guidelines, including clauses that force Spanish developers to take their disputes with Apple to court in Ireland, rather than in Spain. While the Apple terms and conditions being reviewed by the CNMC likely fall under the DMA’s 18 mandates, and therefore could be targeted by EU regulators, at this point the Commission is engaged on other priorities with Apple.
Context – Apple and Meta recently announced they would be withholding some new AI services from the EU due to “regulatory uncertainty”. What accounts for uncertainty? One aspect is multiple regulators having authority over the same laws and policies. The European Commission being the lead enforcer of the DMA was a central feature of the law, but a week ago Italy’s competition authority announced it is investigating Google’s terms and conditions for users and now Spain’s is investigating Apple’s T’s & C’s for developers. Also, different legal regimes covering the same policy matters. The issue of valid user consent for data usage and ads appears to be governed by the GDPR, DSA, and DMA. Finally, a growing number of Commission and member state regulators are getting involved on AI even as the Commission stands up its AI Office.
Online Child Safety Bills Clear Major Senate Procedural Hurdle
Report from the New York Times
In Brief – The Senate voted 86-1 for a key procedure needed to pass two bills aiming to improve online safety and privacy for children and teens under age 17. The Kids Online Safety Act (KOSA) is touted as requiring social media, online gaming, and other platforms often used by young people to follow “safety by design” and imposes a “duty of care” on the companies to keep younger teens from using services that employ design features that some allege are “addicting”. The Children and Teens’ Online Privacy Protection Act (COPPA 2.0) expands the data collection and targeted advertising restrictions that currently apply to children under 13 and applies them up to age 16. Only Republican Rand Paul (KY) voted to block consideration of the bills with an impassioned speech against KOSA that called it a “Pandora’s box of unintended consequences” that would stifle First Amendment-protected speech. That measure also continues to face opposition from some progressive advocates for vulnerable youths, including those in the LGBTQ community, as well as long-time champions of online free speech such as Sen. Ron Wyden (D-OR) who said he would vote against the bill.
Context – Earlier this month major bipartisan digital privacy legislation hit the shoals in the US House as top Republican leaders expressed concerns with its scope, expanded power for regulators, and the threat of more class action lawsuits. The House may be a big hurdle for these bills as well. The massive Senate vote is deceptive. Most elected officials won’t cast a public vote against kids’ safety, but there remain big concerns on the left and right. (Which side are 1st Amendment concerns on?) The election means very few actual days are left for legislating and Republicans are not likely to give the Biden-Harris White House a win. If the bills fail to get a House vote, expect a lot of post-election Lame Duck talk. Finally, federal judges have been finding state laws regulating teens online to be constitutionally questionable and the Supreme Court has agreed to hear a case on the 1st Amendment and privacy implications of online age verification.
US, EU, UK Regulators Sign Joint Statement on Competition in AI
Report from Reuters
In Brief – The competition policy regulators of the European Commission, Great Britain, and the United States have signaled their alignment regarding the anticompetitive risks posed by Artificial Intelligence. The joint statement signed by EU Competition Authority, the UK Competition and Markets Authority (CMA), the US Federal Trade Commission and US Department of Justice commits the agencies to, “work to ensure effective competition and the fair and honest treatment of consumers and businesses,” and sets out fair dealing, interoperability, and choice as key principles to support competition and protect consumers. The agencies also agreed to share with each other their understanding on the AI issues arising in these markets. So-called “foundation models” are of particular concern, and the regulators noted their concerns with the prospect of their developers concentrating control of key inputs needed to develop the technology and the potential for firms to entrench or extend their market power in AI related markets, including through investments and partnerships between incumbents and newcomers.
Context – Regulation advocates do not want governments making the “same mistakes” with AI they allegedly made with social media. Antitrust enforcement is high on the list. In the US, the two federal antitrust agencies have agreed to divide lead authority on two big potential AI-related targets, with the DoJ taking on Nvidia issues and the FTC looking into Microsoft’s relationship with OpenAI and other AI startups. The presumption that massive size will be key to AI success is strong with many regulators, but some AI experts see the largest generative AI foundation models hitting a point of diminishing returns and believe that smaller specialized AI systems may prove more efficient. The biggest leaps in commercial AI in recent years have come from startups such as OpenAI and Clearview AI. With so much progress being made in startups, and antitrust regulators frowning on acquisitions by the largest tech firms, entire development teams of some AI startups are being hired into tech giants, drawing new scrutiny.
Google Abandons Plan to End Third-Party Cookies in Chrome
Report from Wall Street Journal
In Brief – Google is abandoning its “privacy sandbox” plan to end the use of third-party cookies for tracking in its Chrome browser and will instead implement a more robust user option to decide how the browser treats cookies. The announcement comes almost five years after Google first said they intended to replace the tracking tech with other ad targeting tools they claimed would address user privacy interests, widely seen as a response to Apple’s privacy critiques. However, Google’s ad business is far larger than Apple’s and Chrome is also the top browser. Right from the start, concerns emerged in the digital advertising industry that Google could use the changes to undermine competitors and regulators took note. Google repeatedly promised to work with industry stakeholders and reached a novel agreement in 2022 with the UK’s Competition and Markets Authority (CMA) for the agency serve as a kind of lead regulator certifying that the new ad targeting tools would not unfairly benefit Google. In the past year, as the tools were tested with CMA oversight, industry concerns remained, and then the UK’s data privacy regulator joined the review process and adjudged the plan as falling short on user privacy. Facing ongoing and conflicting stakeholder concerns, the company says that it will shelve the plan to end third-party cookies and instead will give users a clear up-front cookie option that users can revisit at will.
Context – Privacy advocates hate targeted advertising and the digital ad ecosystem. Results from Apple’s policy to require apps to get up-front approval from users for ad tracking show most users reject it when it carries no cost. But, when offered a choice between paying or accepting ads, most choose ads. The EU’s Digital Markets Act regulates the ad businesses of Google, Meta, and Amazon. The EU Commission is challenging Meta’s proposal to offer a choice between a paid subscription and its standard targeted-ad model. The Commission argues that a free option with less effective untargeted ads must be an option. Meanwhile, the Italian competition regulator is challenging how Google’s DMA plan proposes to ask users about combining data from different services, claiming it is not clear enough about how it benefits advertising.
Judge Limits SEC Authority to Regulate Corporate Cybersecurity Practices
Report from Bloomberg
In Brief – US District Judge Paul Engelmayer issued a setback to the US Securities and Exchange Commission (SEC) in its effort to regulate the cybersecurity practices of public companies. Engelmayer’s order dismissed most of the charges brought by the SEC against SolarWinds Corp. that alleged the software provider misled investors about its internal cybersecurity practices and the significance of a major data breach that included damage to US government agencies. The case marked the first time the securities regulators went to court with civil-fraud claims, the most serious charges at its disposal, against a public company that suffered a cyberattack. The agency also directly targeted the company’s chief information security officer with many of the charges in the complaint. The judge rejected a range of SEC’s claims, including that the company did not properly reveal to shareholders the full scope of the attack, calling that “hindsight and speculation”. He also rejected and criticized the agency’s effort to use its authority to oversee corporate accounting practices to broadly cover all corporate systems to safeguard valuable assets. Most of the charges brought against the company’s chief security officer were dismissed as well. The judge did permit the SEC to proceed on a charge claiming that the company misrepresented its cybersecurity practices to investors prior to the attack, although he ruled that the representations were approved by senior company management.
Context – The SolarWinds ruling is another federal court rebuke for a federal regulatory agency that is attempting to use existing legal authority to act against a problem that some argue Congress has not addressed. It comes on the heels of a series of Supreme Court rulings seen as paring back the authority of federal agencies. In this case, the expansion of the accounting laws in the decades-old Foreign Corrupt Practices Act to cover cybersecurity practices, which has been a strategy of the SEC majority opposed by the two Republican commissioners, has been seen as particularly noteworthy and now has received direct criticism from the federal bench.
Opera Asking EU General Court for Browser Choice Screen on Windows OS
Report from Neowin
In Brief – Opera, a maker of web browsers, has filed a lawsuit in the European General Court challenging the European Commission’s decision pursuant to the Digital Markets Act to not require Microsoft to provide a web browser “choice screen” on its Windows OS software. The law regulates the top platforms of the largest digital “gatekeepers” by imposing 18 behavioral duties that are modeled on competition law principles and enforced proactively by the Commission. Among the duties of a gatekeeper’s core platform service operating system is to easily enable end users to change default settings on core services such as web browsers and search engines, including through so-called “choice screens” at the time a user initially sets up their device. Although Microsoft was designated as a DMA gatekeeper and its Windows PC operating system was designated as a core platform service, the Commission has interpreted Article 6 of the DMA to require choice screens on a gatekeeper’s core platform service operating system only for that gatekeeper’s other core platform services. The Commission determined that Microsoft’s Edge was not itself a core platform service because it is not that widely used. Opera believes that browser competition will be enhanced for users of personal computers operating the Windows operating system if a browser choice screen is imposed on Windows in the way it is impose in the mobile environment on Google’s Android and Apple’s iOS.
Context – Opera will argue to the EU’s second top court that the purpose of the DMA is to “free user choice from the control of powerful digital platforms” like Microsoft’s Windows. They claim that imposing browser choice screens on Google’s Android and Apple’s iOS has resulted in consumers’ “increasingly picking” alternative browsers. Not imposing the same requirement on Windows because Microsoft’s own pre-selected browser is itself not very popular itself, resulting in many users eventually switching unprompted to one of the top two browsers, both owned by other gatekeepers, is failing to fully promote competition in the browser market. But the current interpretation does reduce the number of choice screens at setup.
New UK Labor Government Not Quite Ready to Move a UK AI Act
Report from the Euractiv
In Brief – Despite reports in the run up to the Kings Speech that the 2024 legislative plan of the new UK Labor Government led by Kier Starmer would include details on the introduction of an artificial intelligence bill to create binding rules to regulate the most advanced AI models, the address only included a sentence that boiled down to saying that something would be coming later. The Starmer Government, “will seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models.” That even fell a little short of Labor’s campaign manifesto that pledged, “to ensure the safe development and use of AI models by introducing binding regulation on the handful of companies developing the most powerful AI models and by banning the creation of sexually explicit deepfakes.” While the details apparently still need to be worked out for a draft bill to be introduced, the Labor approach is expected to be more regulatory than that of the prior Sunak Government, but still less comprehensive than the EU’s AI Act.
Context – The big question in AI public policy is whether governments are moving toward legislating direct regulation, or governance through “soft laws” like AI “best practices” and “safe AI” recommendations. The EU’s AI Act is the standard for concrete regulation. And other EU regulators are stepping up action on AI even before the AI Act goes into effect. Soft laws have been in the ascendency elsewhere. Japan has been a leader of the soft law model, including through the G-7’s “Hiroshima AI Process” that created International Guiding Principles and an AI Code of Conduct for developers. In the US, President Biden issued a massive AI Executive Order that includes many soft law efforts, but also proposes some unprecedented information sharing and “safety” testing mandates for large AI models. Legal challenges are likely if the mandates are enforced, and the Trump campaign has called for repealing the Executive Order. The previous UK Government talked extensively of AI risks but stuck to soft law policies as well.
Italy Competition Authority Challenging Google’s DMA User Consent Plan
Report from TechCrunch
In Brief – The Italian Competition Authority is investigating Google’s new process to obtain user consent to combine data across Google’s largest services. The company instituted a new user consent process to comply with the EU’s Digital Markets Act (DMA), the new law regulating the largest digital gatekeepers. The Italian regulator’s announcement said that it is concerned that Google’s new consent screen amounts to an unfair commercial practice marked by “inadequate, incomplete and misleading information” raising concerns over whether a consumer’s consent would be freely given. The European Commission is the lead regulator for the DMA, which currently applies to 24 giant platforms of 7 companies (Amazon, Apple, Booking, ByteDance, Google, Meta, and Microsoft). The Commission announced in March that they were investigating Google’s compliance plan regarding possible self-preferencing in search, and anti-steering in Google Play, but not the consent flow.
Context – Apple and Meta both recently announced that they would be withholding the release of various new AI services in the EU due to “regulatory uncertainty”. What accounts for uncertainty? In this case, it is about multiple regulators looking at the same thing and coming to different conclusions. The European Commission as the lead enforcer of the DMA was a central feature of the law. And the same for giants under the Digital Services Act (DSA). EU leaders wanted to move regulatory enforcement for the tech giants away from their member states of establishment (the Ireland GDPR experience) to Brussels. The idea that the DMA (or DSA) would end up being enforced by all the member state regulators too is new. Then there is uncertainty due to overlapping laws. The issue of user consent for data usage, and yes, it’s all about trying to circuitously reduce targeted advertising, is governed by the GDPR, DSA, and DMA. Whether a consumer rejecting a paid subscriptions will count as consent is apparently both a GDPR and DMA issue. Finally, the metastasizing of regulators is already happening in the EU with AI services, where they created the new AI Office but member state data security authorities are joining in.
CrowdStrike Sneeze Causes Computer Crash and Microsoft Catches a Cold
Report from theWashington Post
In Brief – CrowdStrike, a large cybersecurity software company that primarily serves corporate customers, sent out a software update early on July 19th that caused computers operating Microsoft Windows to crash and require a very hands-on process to restart. Large consumer-facing CrowdStrike clients, including some airlines, banks, and hospitals were severely impacted. Although CrowdStrike took responsibility, the massive crash was largely referred to as a Microsoft failure and many opponents of “Big Tech” used it to validate their view that giant platforms are risky “monopolies”.
Context – The day after the Washington Post reported the story as “A fatal program update: How CrowdStrike crashed global computer systems”, the same paper ran a story titled “Microsoft’s global sprawl comes under fire after historic outage”. And it was not just the Washington Post, most stories were focused on Microsoft. One likely reason is that few people outside of the world of network security know who or what “CrowdStrike” is. Everyone knows Microsoft. Plus, there is an always-on, fully operational public advocacy community ready to go public when something bad happens on or around a Big Tech platform. And they have many media backers. A leading US regulator’s reaction was, “These incidents reveal how concentration can create fragile systems” and an advocate for more aggressive competition regulation called for Microsoft to be “broken up.” Two days later, the Wall Street Journal still described the story as being a Microsoft problem, which is certainly true from a PR and regulatory perspective. That article did note that the European Union has required for years that Microsoft be open to third-party software from companies like CrowdStrike. It also noted that Apple’s far more closed ecosystem is considered by many to be more secure and therefore less prone to a problem caused by a third-party software company, although it failed to mention that the EU’s Digital Markets Act is forcing all large operating systems to be open like Microsoft is now, and that the EU, US and Japan are all challenging Apple’s possibly more secure “walled garden” model.
Meta Withholding New AI Service from EU Due to Regulatory Uncertainty
Report from Axios
In Brief – Meta has decided that it will not release its new “multimodal AI model” in the EU due to regulatory uncertainty. The service is reportedly capable of dealing with video, audio, and text, and is expected to be incorporated into products like smartphones and Meta’s Ray Ban smart glasses. Meta releases their AI models under open-source licenses that allow others to use and build on them, but they will prohibit third parties from using the new multi-modal model in products or services released in the EU. Meta’s move follows an announcement last month that they were pausing the training of their large language models with publicly shared content posted by their users in Europe, and all their text-based AI-enabled features in the EU, following questions from the Irish Data Protection Commission and other privacy regulators about possible violations of the GDPR. However, the company indicated that it still plans to resolve the regulatory concerns with its text-based models and plans to make the Llama 3 model available for EU customers.
Context – Apple said similar things about regulatory uncertainty being the reason they would hold back iPhone AI features in Europe when the European Commission informed them that their new App Store plans violate the DMA gatekeeper rules. Commissioner Margrethe Vestager criticized Apple saying they must be planning anticompetitive AI services. Meta’s concerns with EU “regulatory uncertainty” must run deep. Regulators suspected GDPR problems with Meta training AI models on “public” EU user content, but the company says Google and OpenAI do the same without agency intervention. The Commission believes that Meta’s plan to have paid subscriptions as the no-ad alternative for Facebook and Instagram violates the DMA, while the only way to get YouTube without ads is a paid subscription. Finally, Meta’s processing of EU user data in the US has been at the center of years of litigation over general US-EU cross-border data flows policy despite thousands of other US and EU companies handling user data the same way.
GEuropean General Court Rejects ByteDance’s DMA Challenge
Report from Bloomberg
In Brief – The EU General Court has ruled that the European Commission’s decision to designate Chinese digital giant ByteDance, the owner of TikTok, as a gatekeeper under the Digital Markets Act, is justified. The law regulates the top platforms of the largest digital “gatekeepers” through 18 behavioral duties that are modeled on competition law principles and enforced proactively by the Commission. TikTok argued that they should not be regulated as a gatekeeper’s service because they were themselves a relatively new challenger to gatekeepers such as Google, Amazon, and Meta in digital advertising, video sharing, and social networking. TikTok also argued that its European revenues fell far below the law’s thresholds. The judges ruled that TikTok met the DMA test of having “a significant impact on their relevant digital market” of social networking, as well as a substantial user base and extensive data collection capabilities. On the financial thresholds, the court reaffirmed the use of ByteDance’s global value. TikTok has not announced if they will appeal the decision to the European Court of Justice.
Context – A big DMA question from the start was how many digital companies would face its unprecedented regulatory regime. Analysts identified around a dozen prospects. The Commission’s first tranche of six was like the recommendation of EU Parliamentarian Andreas Schwab who said, “Let’s focus first on the biggest problems, on the biggest bottlenecks. Let’s go down the line — one, two, three, four, five — and maybe six with Alibaba.” The first five were the US giants — Amazon, Apple, Google, Meta, and Microsoft. ByteDance ended up the Chinese entry instead of Alibaba. Recently, Booking was added to the DMA, making seven. And some consider Booking to be EU-based as well, a DMA first. Booking is the gatekeeper with the lowest market value, at a bit over $130 billion. ByteDance is estimated to be worth around $230 billion. The five US giants all exceed $1 trillion, with three beyond $2T. The European Commission is also considering X as a gatekeeper. It is estimated to be worth less than $15 billion, which would redefine the concept of a gatekeeper and the scope of the law.
EU Commission Finds That X Has Violated the Digital Services Act
Report from EuroNews
In Brief – The European Commission has made a preliminary determination that X has failed to comply with several provisions of the Digital Services Act (DSA), the EU’s law to regulate content moderation and increase the transparency of digital platforms. The Commission’s findings involve DSA requirements on dark patterns, advertising, and providing necessary data access for researchers. Of note, the regulator considers X’s “Blue checkmark” for “verified accounts” to be a deceptive “dark pattern” by failing to correspond with industry practice because anyone can obtain “verified” status by paying for a subscription. The regulator also believes that the company fails to meet requirements to provide a searchable repository of advertisements and provide access to its public data to researchers. The initial Commission request for information from X regarding DSA compliance was made last October, just days after the Hamas attack on Israel. Besides the DSA transparency provisions that the Commission is citing in this preliminary determination, their formal investigation of X also challenged the platform’s compliance with DSA requirements more explicitly focused on content moderation, including countering the dissemination of illegal content and information manipulation. Those investigations continue.
Context – EU Commissioner Theirry Breton took to X last October at the start of this process and said, “we have indications of X/Twitter being used to disseminate illegal content & disinformation” related to Hamas’s attack on Israel. It’s noteworthy that the Commission’s initial findings stick to more technical sections of the law and the Commission’s questions that raise censorship concerns remain open. Nevertheless, X’s owner responded to the preliminary determination alleging that, “The European Commission offered X an illegal secret deal: if we quietly censored speech without telling anyone,” and that X would challenge the Commission findings in court. Breton responded, also on X, “Be our guest @elonmusk. There has never been — and will never be — any “secret deal”.”
German Court Applies Antitrust Law In Facebook Content Moderation Case
Report from Heise Online
In Brief – A non-profit association of film enthusiasts in Dusseldorf, Germany, has successfully circumvented jurisdictional limits on lawsuits targeting social media platforms for their content moderation decisions by challenging a Facebook decision to freeze the group’s page as an antitrust violation. The Düsseldorf Regional Court found that Meta had improperly exploited its dominant position in Germany when it blocked the film group’s page in December 2021 without prior notice or specific reason. The case stemmed from Facebook blocking the group’s page based on a determination by its content moderation algorithms that probably considered still photos from a documentary on indigenous peoples as violations of the rules against nudity. The group could not get its page unblocked and sued Meta in early 2023. Meta has their EU headquarters in Ireland and tried to force the claim to be dealt with there, but the Dusseldorf court ruled that it had “international jurisdiction” because the matter was an antitrust claim rather than a dispute over contractual terms. The film group argued that Facebook, the dominant social media platform in Germany, must protect its users’ fundamental rights, including giving prior notice and objective reasons for removing a page. Along with accepting jurisdiction based on the competition law claim, the court said that the EU’s Digital Services Act “requires a clear, specific and comprehensive justification” to block a user.
Context – Frustration with the legal and regulatory implications of so many large digital platforms setting up their EU headquarters in Ireland (and a lesser extent Luxembourg), led to the EU’s two major digital economy regulatory overhauls shifting primary enforcement authority to the European Commission for the largest digital platforms. The Digital Services Act regulates content moderation policies and the Digital Markets Act regulates the largest “gatekeepers” using competition law principles. Meta is regulated by Brussels for both. Although, if this ruling stands, content moderation could be a matter for country-by-country competition suits as well.
Microsoft Reaches Deal with EU Cloud Companies to Avert Antitrust Action
Report from Reuters
In Brief – Microsoft and the association of Cloud Infrastructure Services Providers in Europe (CISPE) have reached an agreement to resolve the concerns that many of the small and mid-size cloud services companies in Europe have with practices that the software giant uses to preference its Azure cloud services business with customers that use its highly popular business software. The deal will allow most CISPE members to offer Microsoft applications and services on Microsoft’s cloud infrastructures with the main preferential features and similar prices to Microsoft, compensates the members for losses over the last two years, and establishes an ongoing monitoring body. In exchange, CISPE has agreed to withdraw the antitrust complaint it lodged with the EU’s competition authority. The European Commission must still review the agreement and judge its impact on cloud services competition across the EU, and CISPE reserved the right to refile their complaint if the agreement is not fully implemented within nine months. Finally, the Microsoft concessions do not apply to the other largest cloud services providers, Amazon’s AWS (the largest in Europe and a CISPE member), Google, or Alibaba.
Context – Allegations that Microsoft leverages its dominant software packages, including Office 365 and Windows OS, to preference its other digital services, is a complaint that extends beyond Azure cloud services. The European Commission has recently found that Microsoft has engaged in anticompetitive conduct by bundling its Teams service into Office 365 nearly four years after Slack filed an antitrust complaint. German software company NextCloud accuses Microsoft of unfairly bundling its OneDrive cloud system into Windows. The EU’s Digital Markets Act (DMA) regulatory regime will likely impact some or all of these issues at some point. Microsoft is a DMA gatekeeper (as are Amazon and Google). Microsoft’s Windows OS and LinkedIn are currently designated as regulated core platforms. And while the DMA does apply to cloud services, none of the gatekeepers’ cloud businesses have so far been designated as regulated core platforms.
South African Sellers Complain About Amazon Using Algorithms to Set Price Floors
Report from MyBroadband
In Brief – Just months after Amazon opened its South Africa-based business, third-party sellers in the country are complaining that the ecommerce giant is imposing a price parity policy on them that penalizes their Amazon listings if they sell the product for a lower price on a competing marketplace, even when the costs on the other platform are lower. The sellers report that Amazon carries out this pricing policy by not placing a product into the key “Add to Backet” slot if the seller offers the product for a lower price elsewhere. A product will be able to gain the prime selling position if the seller raises the price on the other site up to their price on Amazon. This practice discourages sellers from taking advantage of promotions and discounts on competing platforms because those gains are offset by lost sales on Amazon. The South African Competition Commission released a report in 2023 directing domestic ecommerce platform Takealot to address several anticompetitive behaviors including removal of its own price parity clause from seller contracts.
Context – Amazon’s use of its Buy Box (“Add to Basket”) algorithm to enforce a “fair pricing policy” is a feature of several lawsuits in the United States. It is particularly relevant because the harm to consumers involves driving up prices, in this case on platforms other than Amazon, which is especially important in the context of US antitrust law. In addition, Amazon is the dominant online marketplace for small business retailers in the US, and its fee level for top sellers now averages over 50 percent, which exceeds fees on most other platforms. Several antitrust lawsuits alleging harm from fair pricing have survived Amazon’s motions to dismiss, including two class action suits in federal court in Washington State, and a lawsuit by the Attorney General of California in California state court. Amazon’s practices aimed at dissuading marketplace sellers from offering lower prices on competing platforms is also incorporated into the US Federal Trade Commission’s antitrust complaint scheduled for trial in October 2026.
Amazon Faces European Commission Questions Regarding DSA Compliance
Report from Reuters
In Brief – The European Commission has given Amazon until July 26 to provide more detailed information on its Digital Services Act (DSA) compliance, including the transparency of its recommender systems, digital ad repository, and its risk assessment report. In its announcement, the Commission noted that the European Court of Justice recently rejected Amazon’s request to be exempt from the obligation to make its advertisement repository publicly available while its legal challenge to its designation as a Very Large Online Platform (VLOP) is being decided, and therefore the company is required to comply with the full set of DSA obligations. An Amazon spokesperson said that the company, “shares the goal of the European Commission to create a safe, predictable and trusted shopping environment,” and “we think this is important for all participants in the retail industry.”
Context – Last July, Amazon filed a challenge in the EU General Court opposing Commission’s decision to designate it as a VLOP under the DSA, the EU’s law regulating online content moderation. VLOPs, which have more than 45 million monthly active users, are regulated directly by the European Commission and face stricter criteria for dealing with objectionable material, greater transparency requirements, and must submit regular risk assessments. Nineteen large digital platforms, including two search engines, were initially designated as VLOPs. Amazon argued that they should not be designated a VLOP because they are not the largest retailer in any country of the EU and that holding them to different standards than other retailers is unfair. On the other hand, the Commission argues that the DSA is very clear in its application to large marketplace platforms, and Amazon is the largest marketplace in Europe. In the initial court decision, the President of the General Court ruled that Amazon was required to comply with the DSA requirements related to its personalized recommendation systems but should be exempt from the requirement to publish an ad repository. The European High Court later ruled that Amazon was required to comply with all DSA obligations while its challenge worked its way through the courts.
Supreme Court Will Hear Challenge to Texas’s Online Porn Age Verification Law
Report from Jurist News
In Brief – The US Supreme Court has announced that it will hear an appeal to a lawsuit from an adult entertainment industry trade group challenging the constitutionality of a Texas law requiring pornography sites on the internet to use age verification technology and block users under age 18. After it was enacted last June, the law was challenged on 1st Amendment grounds and a federal district court judge ruled that it failed the strict scrutiny test for free speech cases. However, that decision was overturned by the 5th Circuit Federal Court of Appeals who chose to apply a far less stringent legal test, The case titled Free Speech Association v Paxton will be heard in the upcoming Supreme Court term, which runs from October 2024 through June 2025.
Context – Efforts to cordon off parts of the internet from teens are only gathering steam. Keeping teens off porn sites is obviously popular, but social media is the real target. A common state legislative tactic is to try to avoid strict legal scrutiny on free speech grounds by focusing regulations on “content neutral” app and website features, such as recommendation algorithms and auto-play, not classes of content. However, since the mandates are targeted by age, some manner of age verification is either required or strongly implied. The litigation queue is already filled with laws from states both red and blue, including Arkansas, Ohio, Utah, Texas, Florida, California, New York, and Maryland. Federal judges have generally not been sympathetic to the social media safety laws, blocking them from going into effect and raising concerns on 1st Amendment and privacy grounds. Online age verification implicates both concerns. The 5th Circuit decision backing the Texas law imposing an age verification requirement on internet porn sites was a rare US court success involving internet age-gating, but now it will face review by a High Court increasingly willing to take on internet policy issues. Outside the US, age verification mandates, especially for porn sites, are having more success, including in France, Great Britain, and Germany.
Federal Judge Dismisses Class Action Alleging Deceptive Amazon “Buy Box”
Report from Reuters
In Brief – US District Judge Marsha Pechman dismissed a class action lawsuit filed by two Amazon shoppers that alleged the company harmed them and millions of other consumers by deceptively placing higher-priced products in their “Buy Box” to sell more items that used Amazon’s Fulfillment by Amazon (FBA) and boost Amazon fees. The lawsuit claimed that the ecommerce and logistics giant’s practices violated Washington State’s Consumer Protection Act (CPA). Judge Pachman’s ruling determined that the plaintiffs did not satisfy two of the five elements needed to prove a violation of the CPA, failing to show any specific examples where they were harmed by purchasing higher-priced products from the Amazon Buy Box rather than an equivalent lower-priced offering, and in doing so failing to show that Amazon caused actual harm to the plaintiffs. The judge gave them 30 days to amend their complaint.
Context – Amazon is the largest ecommerce marketplace provider and the largest ecommerce fulfilment services provider. Unlike true marketplaces, Amazon directly handles the goods for most of their top marketplace sellers just like their own retail goods. Amazon uses the Prime program and the Buy Box algorithm to effectively direct most consumer purchases to goods that use FBA and bring in high fees. Company practices that preference products from sellers who use Amazon logistics, even when lower priced alternatives are available, have been under increasing legal and regulatory scrutiny. In the EU, Amazon agreed in mid-2022 to offer shoppers a second Buy Box with an alternative shipping option. The company also reached a settlement with the UK Competition and Markets Authority. In the US, Amazon has not made similar concessions and the practice is targeted in the FTC’s major antitrust complaint scheduled for a 2026 trial. A different consumer class action complaint alleging that Amazon violated federal antitrust law by pushing sellers to use its FBA logistics service was dismissed earlier this year because the alleged harms were to marketplace sellers not to the consumer plaintiffs.
Apple Accepts Epic Games’ App Store App for European iPhones
Report from TechCrunch
In Brief – Apple has approved Epic Games’ games marketplace app for iPhones and iPads in Europe after months of disagreement over the app’s design and threats by Epic to escalate the standoff to the European Commission’s Digital Markets Act (DMA) regulators. Apple had twice rejected the “Epic Games Store” app, claiming that the design of some buttons and labels were too similar to those in Apple’s App Store. Among the 18 competition-styled regulatory mandates imposed on so-called “gatekeepers” by the DMA is the requirement to allow third-party app stores to operate as long as they do not endanger the hardware or operating system of the digital giant’s platform. Apple is currently one of the seven companies designated as gatekeepers under the DMA. Apple had already approved Epic Games Fortnite app to be readmitted to the Apple App Store in Europe after being expelled for violating App Store rules as part of a campaign kicked off in 2020 by Epic Games to use legal and regulatory pressure to force Apple to reduce its app developer fees.
Context – The DMA directly threatens Apple’s core user proposition of a highly curated iPhone ecosystem that promotes user privacy, security, and a tightly controlled user experience. Apple is trying to set boundaries on DMA mandates against self-preferencing and requiring interoperability, and a high-profile confrontation with the European Commission enforcers seems very likely. The Commission has already made a preliminary determination that Apple’s DMA compliance plan for the App Store falls short by failing to allow app developers to freely steer consumers to alternative buying channels outside the Apple ecosystem to purchase content for lower prices with lower fees. The regulator also believes that the fees charged by Apple for off-Apple purchases are too high, and will be opening a DMA review of Apple’s proposal for a new per-download “Core Technology Fee” for large app developers who choose to avail themselves of lower fees on transactions carried out off the Apple system.
Nvidia Expected to Face Antitrust Charge Sheet in France
Report from Reuters
In Brief – Nvidia, which reported in recent months that it is facing antitrust scrutiny in a number of markets including the EU, France, UK, and China, is likely to soon face formal charges of anticompetitive conduct in France. The French antitrust regulator recently issued a report on competition and the market for generative artificial intelligence (GAI), which cited the risk of abuse by chip providers and expressed specific concerns with the unique role of Nvidia’s CUDA chip programming software, which has been central to advancements in GAI and operates best on Nvidia hardware. The initial investigation of Nvidia by the French authorities was linked to an investigation of the cloud services business and the Nvidia charge sheet is expected to include concerns regarding the AI giant’s investments in, and sales to, various cloud services providers.
Context – One mantra of tech regulation advocates is that governments should not make the “same mistakes” with AI that they made with social media, including having a more activist competition policy. In the US, the two federal antitrust agencies recently agreed to divide up lead authority on two big potential AI-related targets, with the Department of Justice (DoJ) taking Nvidia and the FTC looking into Microsoft’s relationship with OpenAI and other AI startups. The presumption that massive size is key to AI success is strong with many regulators, including the DoJ’s antitrust chief and the head of the German Competition Authority, but some experts see the largest GAI models hitting a point of diminishing returns and smaller specialized systems may prove more efficient. Besides the fact that some of the biggest AI leaps have come from startups such as OpenAI and Clearview AI. Do take note that the French officials are interested in Nvidia’s CUDA rather than just its GPU (Graphics Processing Unit) hardware. CUDA is a programming language with a massive community of AI developers that is operated by Nvidia and is tightly integrated with their processors. If they have a “moat”, this is it.
High Court’s Regulatory Rulings May Hamper Progressive Regulation Plans
Report from the Washington Post
In Brief – A series of Supreme Court rulings paring back the authority of federal agencies is likely to hamper efforts to regulate digital markets and tech business models absent federal legislation. The two decisions that overturned the legal principle called “Chevron deference”, a four-decade-long direction to federal judges to defer to executive branch agencies when they make rules and interpret laws, lowers the bar for legal challenges alleging that an agency has misapplied the law or exceeded its statutory authority. The Biden Administration has backed regulatory interventions to achieve progressive policy goals on several digital policy issues where Congress has failed to legislate, including data privacy, Gig-style work platforms, net neutrality, and artificial intelligence. The Court’s conservatives have also weakened the authority of agency-based administrative law judges, such as at the FTC, and resuscitated the “Major Questions Doctrine” that rejects agencies regulating on important topics absent direct statutory authority.
Context – The recent decisions that have pared back the authority of executive agencies have cut directly along the Court’s ideological fault line, just as many of the digital policy issues that are stalled in Congress and have progressives pressing for strong agency action are highly ideological. The FTC offers the clearest examples. Meta accuses the agency of trying to make policy on behavioral advertising and how social media serves teens, and Kochava argues that they are legislating on the use of mobile phone location data. Add in rulemaking on “unfair methods of competition”, “commercial surveillance”, Gig work, “all in pricing”, and merger reviews that appear more aligned with European regulators than US court rulings. But don’t expect the increased risk that regulatory actions will eventually be overturned in federal court to temper the agencies now. First, the new legal landscape doesn’t change the political dynamics. Plus, the prospect that a regulation will be trimmed or overturned in court actually makes it easier to privately explain to opponents that they shouldn’t get so upset by your regulatory plans.
House GOP Leaders Torpedo Committee Action on Bipartisan Privacy Bill
Report from the Washington Post
In Brief – Top House Republican leaders torpedoed the plans of the House Energy & Commerce Committee to mark-up federal data privacy legislation crafted by Cathy McMorris Rodgers (R-WA), who leads the House Committee, and Senator Maria Cantwell (D-WA), who leads the Senate Commerce Committee. The committee heads released draft legislation in April that some saw as a bipartisan breakthrough that could lead to a major data privacy bill being enacted this year. They claimed to resolve the top two issues of partisan disagreement that have stymied privacy bills in Congress, the ability to use consumer class action lawsuits to enforce the law, a priority for many Democrats that is rejected by most Republicans and business groups, and robust state law preemption, a priority of many Republicans that is rejected by many Democrats, especially from states like California with their own data privacy laws. Although McMorris Rodgers believed the compromises were acceptable, and the committee was expected to pass the bill, Speaker of the House Mike Johnson (R-LA) and Majority Leader Steve Scalise (R-LA) intervened to express their opposition to the committee’s Republicans, leading to action being cancelled. The prospects for the bill being resuscitated this year are not seen as good.
Context – Last Congress, a bipartisan data privacy bill earned the backing of three of the four primary committee leaders, including McMorris Rodgers, with only Senator Cantwell holding out, likely because the class action provision was not permissive enough. That bill died amidst complicated legislative crosscurrents in the House and Senate. This year’s deal included a big left shift on class actions, leading us to question how the business community would react. Consider this development an answer. Other big hurdles include the tight legislative calendar, very narrow House and Senate majorities, Republican and business antipathy for the current FTC leaders, and GOP reluctance to give President Biden a big win. Rather than wait for legislation, progressives are calling on the FTC to enact strong new federal privacy rules this fall.
Uber and Lyft Agree to Ridesharing Minimum Pay in Massachusetts
Report from the Wall Street Journal
In Brief – Uber and Lyft have reached an agreement with the Attorney General of Massachusetts to settle a long-running legal and political battle over the pay and benefits for ride-share drivers in the state. The settlement ends a lawsuit filed by the state in 2020 and allows the companies to continue to classify their drivers as independent contractors. The two platforms agree to pay drivers minimum earnings of $32.50 per active hour spent on a trip as well as some employee-type benefits, including paid sick leave based on the number of hours they spend on the job. The companies also will pay the state a combined total of $175 million to resolve allegations that they violated the state’s wage and hour laws in past years, with most of that money being distributed to drivers. The state sued Uber and Lyft in 2020 demanding that they classify their drivers as employees on the heels of California enacting AB 5 in 2019 to reclassify many independent workers, including rideshare drivers, as employees. However, in November 2020, California voters overturned AB 5 for ridesharing and delivery workers by strongly backing Prop. 22, which kept rideshare drivers as independent contractors but committed the platforms to minimum pay and benefits levels. The ridesharing companies then attempted to enact a similar ballot measure in Massachusetts, but the effort has been tied up in state courts since.
Context – In May, two years of contentious battles over ridesharing legislation in Minnesota was resolved with agreement to set a statewide minimum pay rate for drivers, allow the platforms to hire drivers as independent contractors, and guarantee some employment-type benefits. That deal was noteworthy because while Minnesota is a solidly blue state and Minneapolis-St. Paul are progressive bastions, ridesharing regulation, in particular setting pay floors, has been limited to very wealthy coastal cities of New York (2019) and Seattle (2022) and the states of California (2020) and Washington (2022). We said at the time to expect more city and state officials nationwide to explore similar deals.
European Commission Thinks Apple’s New App Store Plan Violates the DMA
Report from Bloomberg
In Brief – The European Commission has made a preliminary determination that Apple’s plan to bring its App Store rules into compliance with the Digital Markets Act (DMA) falls short. The competition regulator believes that Apple fails to allow app developers to freely steer consumers to alternative buying channels outside the Apple ecosystem to purchase content for lower prices with lower fees. The iPhone giant’s DMA compliance proposal provides three sets of terms to app developers, and the Commission says that none allow developers to provide off-Apple pricing information within their app, and the “link-out” process for a developer to take a user to a website to make a purchase is subject to problematic restrictions. The regulator also believes that the fees charged by Apple for off-Apple purchases are too high. Along with its preliminary anti-steering findings, the Commission has opened a DMA review of Apple’s proposal for a new per-download “Core Technology Fee” for large app developers.
Context – The DMA challenges Apple’s core user proposition more than the other “gatekeepers”. While most alleged anti-competitive practices of tech giants are non-transparent and hidden inside highly complex operations, a core value proposition of the highly popular iPhone has been its “walled garden” model that Apple argues promotes privacy, security, and a better user experience. Changing the iPhone ecosystem is likely to be more noticeable to users than changes to Google search or Meta ads. Apple is trying to set boundaries on DMA mandates against self-preferencing and requiring interoperability. The company’s app industry antagonists, who are pursuing similar changes to circumvent Apple fees in the US and elsewhere, cried foul as soon as Apple released its DMA plan. The Commission is backing the app developers, and the two sides are likely moving to a court showdown. In response to the EU regulatory environment Apple announced its new AI iPhone features will not be released in Europe, causing Commissioner Margrethe Vestager to claim that they must be anti-competitive plans.
Australia Considering Forcing Meta to Carry News (and Pay for It)
Report from the Guardian
In Brief – The prospect that Meta will walk away from news company payments by blocking news posts on their Australian sites has led to calls for “must carry” legislation requiring Facebook and Instagram to carry news, pay for it, and be banned from the country if they refuse. Although both Google and Meta threatened to block news-related services during the tense Australian legislative negotiations in 2021, the News Media Bargaining Code was enacted and both platform giants eventually negotiated media payments deals. However, Meta has since determined that news content is not that important to their platforms and said they will ban news content if local law requires that they pay media companies when third parties, including media companies themselves, post news on their platforms. Meta has not engaged in talks to extend their Australia media payment deals worth $70 million, shut down the Facebook News service in the country, and appear prepared to block news content like they have done in Canada. An AU Treasury assistant secretary has told a parliamentary inquiry that the government was considering “must carry” rules for Meta.
Context – Australia was a leader forcing Google and Meta to pay media companies when news content appeared on their platforms. Many jurisdictions have since considered similar legislation. Meta changed the dynamic last year when they banned news links in Canada rather than join their payments regime. The change has apparently had little negative impact on Meta’s platforms. The California legislature is considering similar legislation and Meta is saying they will implement a ban. Google has also tested a news ban in the state, but they pay in Canada and have never fully implemented a search ban. It is worth noting that with “must carry” rules for television, cable and other TV services, they are required to carry some broadcast signals, but they are not required to also then pay for them. When broadcasters want to be paid, there are “retransmission consent” rules that prohibit the video platforms from using the broadcast streams for free.
US Supreme Court Chooses Not to Disrupt Social Media Ecosystem for Now
Report from Platform Economy Insights
In Brief – The US Supreme Court handed down decisions on two major cases involving social media content moderation that neither undermine the legal basis for current practices nor definitively reject challenges to the status quo. Nine justices agreed to send challenges to laws enacted by Texas and Florida to regulate online content moderation back to lower courts for more thorough review. Six justices rejected a legal challenge to Biden Administration efforts to encourage social media platforms to restrict some content, ruling that the plaintiffs did not have a legal basis to bring the suit.
Regulating Content Moderation – (Report from the New York Times) The Texas and Florida laws were enacted in 2021 by Republican-dominated state governments arguing that the giant platforms engaged in ideological censorship of conservative voices. Opponents argue that the platforms are private businesses with 1st Amendment rights to engage in editorial control. The court unanimously chose to send the two laws back to lower courts to engage in more thorough reviews of the laws. Both laws remain paused by injunctions as they proceed. The unanimous ruling is clear on the point that social media platforms have free speech rights to engage in editorial practices, but five justices signed onto four concurring opinions.
Censorship-by-Proxy – (Report from the New York Times) Another case based on Republican objections to allegedly biased content moderation, the plaintiffs claimed that Biden Administration officials pressured platforms to restrict certain speech, engaging in illegal government censorship-by-proxy. Six justices tossed out the suit from two Republican AGs and a handful of individuals, and the 5th Circuit ruling that sided with them, arguing that the plaintiffs did not have standing to sue. On the key question of when government efforts to influence platforms crosses the line from acceptable jawboning to censorship-by-proxy, the opinion says, “Because we do not reach the merits, we express no view as to whether the Fifth Circuit correctly articulated the standard for when the Government transforms private conduct into state action.”
Context – Both decisions are operationally similar to how the High Court dealt with Sec. 230 last year. In Gonzalez v. Google, plaintiffs argued that when platforms used algorithms to present content to users, they were no longer protected by Sec. 230 because the algorithmic presentation of content was distinct from the third-party content itself. The Court accepted that case, and many believed that a majority, led by Sec. 230 critics Thomas and Alito, were going to drastically narrow the law. Instead, they completely passed on ruling on that question, an indication that they would wait for a different case and different facts. It does now seem that Justices Thomas, Alito, and Gorsuch on the right, and Jackson on the left, are most willing to shake up the online status quo, while Roberts, Sotomayor, and Kavanaugh are most opposed, and Barrett has been very influential in pushing the Court to avoid major rulings when possible.
European Commission Tells Meta That “Pay or Consent” Plan Violates the DMA
Report from the Wall Street Journal
In Brief – The European Commission has made a preliminary determination that Meta’s “Pay or Consent” plan to offer users the binary option of Facebook and Instagram with targeted ads, or purchasing paid, ad-free versions, does not comply with the Digital Markets Act (DMA). Digital “gatekeepers” must obtain user consent for combining their personal data from “core platform services” with other company services, including its ad network. If users refuse to give consent to the use of personal data for ads, the regulator argues that a gatekeeper is required to offer them a free option that uses less-personal data for advertising but provides similar functionality as the version employing targeted ads, so in this case, a third option. Meta argues that offering users the choice between an ad-free version that they pay for, which, if refused, is consent for personalized advertising, is based on European Court of Justice rulings.
Context – Meta’s ad-free subscription versions Facebook and Instagram in Europe were a response to two regulatory threats. This Commission action is based on the DMA, however Meta has been dealing with legal challenges based on the EU’s privacy regime for years. Under the GDPR, they must have a valid legal basis to use customer data, and after years of legal battles Meta is basing their targeted advertising on the argument that it if a company offers users the choice between a free advertising-based service and a subscription-based service, those who do not choose to pay are consenting to ads on the platform. Privacy advocates object, and EU privacy authorities recently did as well. The Commission’s competition regulators are joining in and saying that while the DMA does not require Meta to offer its services for free, it does require the company, and presumably all giant platforms with ads, to offer versions that are free and employ far less-efficient, less-targeted, low-value advertising. While neither EU law bans targeted advertising, if EU enforcers and eventually courts interpret the laws in that way, it will reverberate throughout the massive and complex digital ad ecosystem, including for publishers and advertisers.