EU Lawmakers Pass Strict New Rules Affecting Big US Tech (bloomberg.com) 99
The lead committee in the European Parliament writing new tech rules passed measures Tuesday that could impact major U.S. and European tech companies. Lawmakers voted to approve measures in the draft Digital Markets Act that could mean:
1. A company's messaging or social media app is interoperable, to prevent users feeling forced to use one or the other because that's where their friends are
2. A ban on behavioral targeting of ads to minors
3. Fines of as much as 20% of a company's global annual sales for breaches for the law
Companies identified as "gatekeepers" and therefore set to be accountable under the DMA include Amazon, Facebook, Google, Microsoft, Apple and Booking.com, and could later hit online marketplaces Zalando and Alibaba.
2. A ban on behavioral targeting of ads to minors
3. Fines of as much as 20% of a company's global annual sales for breaches for the law
Companies identified as "gatekeepers" and therefore set to be accountable under the DMA include Amazon, Facebook, Google, Microsoft, Apple and Booking.com, and could later hit online marketplaces Zalando and Alibaba.
Fines of 20% global annual sales? (Score:3, Insightful)
Re:Fines of 20% global annual sales? (Score:5, Insightful)
Re: (Score:2)
Why haven't they ever recommended this?
Re: (Score:3, Insightful)
You now, if they REALLY were wanting to protect youth from social media, etc...then they would just raise the minimum age for USING social media to 18yrs or 21yrs of age.
Why haven't they ever recommended this?
You know if we REALLY wanted to prevent murders, we could lock everyone up. Why hasn't anyone recommended this?
Re: (Score:2)
C'mon...that's not a valid comparison and you know it.
I mean, there are things we don't allow kids to use, like alcohol till they reach the age of adulthood.
If social media and the l
Re: (Score:3)
Err...you know that kids (and anyone) can communicate without social media, right?
I mean, I grew up before cell phones and the internet and we got along just fine without them, in some cases, I'd argue better that the generations that have it.
We learned real social interactions and how to deal with people in person. We didn't stare at a ph
Re: (Score:2)
Re: (Score:2)
Why haven't they ever recommended this?
Countries have done this for pornography. How well has it worked? That should answer your question on the ability to control the end user.
Re: (Score:2)
Are you saying this has been a complete failure in countries that have done this?
Re: (Score:2)
Do I need to tell you water is in fact wet? Of course attempting to regulate the end user has failed in every scenario conceivable. We didn't stop people buying drugs online. We didn't stop online gambling. We didn't stop porn. Hell we've failed to stop kiddy porn and that shit is proper illegal.
This is the equivalent of government protecting people from gun violence by mandating they don't get themselves shot. There are corporate interests at play which market towards teenagers and younger. Making it illeg
Re: (Score:2)
I mean, we limit sales of alcohol to minors. And while of course it doesn't prevent ALL access all the time, it does do a pretty good job of it most of the time.
I would guess required proof of ID, and maybe a credit card ## to access social media like for places that regulate online porn would help?
And besides, if there weren't that many youths on social media, would they really want to get on there to talk mostly only to old people?
Re: (Score:2)
I mean, we limit sales of alcohol to minors.
Ding ding ding. We limit sales. Note it's not illegal to go buy alcohol. It's illegal to sell it. The punished party becomes the seller.
I would guess required proof of ID, and maybe a credit card ## to access social media like for places that regulate online porn would help?
Would it though? Has it helped in the slightest for the regulation of online porn? About the only people who have successfully related online porn are dictators who have their entire citizenry behind a big arse firewall.
And besides, if there weren't that many youths on social media
What makes you think there aren't many youths on social media? It wasn't a middle aged man twerking in front of a camera in our building's staircase. The re
Re: (Score:3)
Why in fucks name do you think adults are better at using social media than children?
I mean, look at the shit fest currently going on in many countries, driven by drivel, and deliberate misinformation, and hate on social media, and I think everyone can agree with me that its not the children doing that....
How about we fix society and thus in turn fix social media?
Re: (Score:2)
Well, if adults often are bad at it, then children are even LESS adapted enough to handle it.
And we're seeing these studies that specifically show how social media is hurting them, example how Instagram is causing many young women in particular to have some mental anguish.
I would posit that social media have had a large contribution to society's falling apart an
Re: (Score:2)
I disagree that social media has played a leading role, or even a large contribution in the issues we have in todays society - these problems started well before social media was ever a thing, and well before the internet really took off for public consumption in the late 2000s (Im talking about the introduction of mobile devices with permanent internet access - that was what really fuelled internet adoption as a main part of life rather than it being a luxury you dipped into every now and then).
Social medi
Re: (Score:2)
If you don't make the punishment harsh enough, companies will just roll the penalties into their annual budget as a cost of doing business.
A better punishment would be sending execs to jail for offenses of their company. That seems to scare them more than some fines that are essentially pocket change to them.
Re: (Score:2)
While that sounds like a good idea, it is not feasible. From what I know, one is civil law, the other criminal law. And we know what happens to white collar crime... Much easier to do civil lawsuits. Yes this also applies to the USA.
Re: (Score:2)
If you don't make the punishment harsh enough, companies will just roll the penalties into their annual budget as a cost of doing business.
A better punishment would be sending execs to jail for offenses of their company. That seems to scare them more than some fines that are essentially pocket change to them.
The thought of going to jail might scare people like you and me. However, the really scary thought for executives is a drop in stock prices that would cost them millions of dollars. That's why the Europeans have the right punishment in mind.
Re: (Score:2, Insightful)
Holy moly... is this punitive or a cash grab?
Could be both.
The fact that the fine is a percentage of global sales, not EU sales, is problematical,
Re:Fines of 20% global annual sales? (Score:5, Insightful)
The fact that the fine is a percentage of global sales, not EU sales, is problematical,
Going to see a lot of sales from the Cayman Islands if you don't.
Re:Fines of 20% global annual sales? (Score:5, Informative)
Global sales is the only way it can work because otherwise they will just hide everything offshore.
Google tried it years ago, they had staff in the UK who they claimed were not selling anything and all transactions were with a foreign company. They were undone by the fact that the staff all described themselves as working in sales on Linkedin.
Re: (Score:2)
Global sales is the only way it can work because otherwise they will just hide everything offshore.
Google tried it years ago, they had staff in the UK who they claimed were not selling anything and all transactions were with a foreign company. They were undone by the fact that the staff all described themselves as working in sales on Linkedin.
Indeed. I recently saw a documentary on how Amazon manages to pay almost no tax in France, in part by having to pay money to a holding in Luxemburg, which then pays a company in Delaware.
Here is one article, though you'll need to use Google Translate or something equivalent:
https://www.capital.fr/entrepr... [capital.fr]
Re: (Score:1)
not 10% [Re:Fines of 20% global annual sales?] (Score:2)
The EU regulation fines already were global revenue, and set to up to 10%. Experience showed 10% was not scary enough. The real fines are a small fraction of that. We saw several times on tech companies fined in tens of millions € by the EU and slashdot commenters saying it will have no effect because too small.
Google's annual revenue last year was 213 billion euros. Ten percent would be 21 billion euros, not "tens of millions € "
If you are right about fines being "up to 10%", that phrase "up to" is not actually implemented, because "tens of millions €" would be ~0.005%, three orders of magnitude lower than 10%.
Re: (Score:3)
Emphasis mine. Usually the fines are much much lower for the initial violation and they ramp up if the violations continue. This mechanism is there to avoid fines as a cost of doing business.
Re: (Score:3)
Also, usually the fines are applied at the end of a long process - research into "malfunctions", documentation, due process, possible appeal and so on. It isn't unusual to take a couple of years.
Re: (Score:1)
Ever thought that maybe the reason you're surprised big tech still does business in Europe is because your view of the world is simply wrong to the extent of sounding rather unhinged?
The EU hasn't even remotely done anything akin to banning hyperlinking, and GDPR is a good thing that results in better software.
Re: (Score:2)
As a matter of fact the USA banned hyperlinking when DeCSS was released. Slashdot had a field day with that.
Re: (Score:2)
As a matter of fact the USA banned hyperlinking when DeCSS was released. Slashdot had a field day with that.
Could you provide a citation for this?
Ok, I know you were being a bit hyperbolic but the US never banned hyperlinking due to the DeCSS release. There were court cases to stop people from linking to DeCSS but there was never a ban or even an attempted ban on all hyperlinking like Deathlizard implied.
Re: (Score:2)
As I said.
They banned hyperlinking to DeCSS but they didn't ban ALL hyperlinking as the OP impied.
Re: (Score:2)
> GDPR is a good thing that results in better software.
Not really. What company, anywhere, wants to design an insecure system that leaks internal data? None of them do. Some screw up and have breaches, to be sure. But no legislation will ever do away with incompetence. From my very first foray into InfoSec back when all I had to worry about was PCI; I did everything I could to build secure systems and networks, and to encourage developers to build secure applications and users to secure their workst
Re: (Score:2)
GDPR is not just about security, it also regulates the type of data companies can suck from customers and gives them rights to refuse or later demand deletion.
The last company I worked for had regular devs - no security specialists - and automatically recorded all sorts of customer data for metrics and support which was saved as hackily as possible into the newly-learned Azure. This data even included screenshots from the last 20 seconds of product use which occasionally captured customers writing emails et
Re: (Score:2)
Holy moly... is this punitive or a cash grab?
No, you've just grown so used to being screwed over time and time again by corporate scumbags that you've come to regard it as normal.
Re: (Score:2)
It is only a cash grab if the companies continue to defy the new laws. There won't be much cash to grab if they follow the law.
Re: (Score:2)
Re: (Score:1)
Previous fines have had little to no effect, and given the time and effort required to fell a major company it needs to be hefty enough to act as a determent.
If you can wave it off as beer money it will have no effect. This has happened a lot in the past. If it takes 9 years (which translates into "someone else's problem" in CEO time) to get a ruling it also needs to be hefty enough to still deter from crime.
Re: (Score:2)
Holy moly... is this punitive or a cash grab?
Are you American? I can only assume as much as you equate a law with actual teeth to equal a cash grab. What do you propose instead? A slap on the wrist followed by shouting at the company's users from the window "He's not the messiah, he's a very naughty boy"?
Re: (Score:2)
Punitive is when we jail your top 4 investors and executives and bar them from doing business in the EU for 2-3 years.
Would you like to go for that?
Keep pushing.
Re: (Score:1)
Not for a Nanny State but... (Score:2)
When you abuse both your market position and your users, this is what your get. If your software is "the best" or a "market leader" or what ever the buzz word you choose to say you're #1, then I guess you have nothing to fear.
This is kind of what happened the the phone company AT&T in the U.S. in the 70s/80s. AT&T copper phone line was like the cell phone OS and the phone and answering machine ware similar to default and proprietary apps.
How does that help? (Score:5, Interesting)
Unless you're going to force federation between all the messenger systems, the way this has traditionally been done is that users will have to have an account on each messenger system to use it anyway. So even if they don't use the platform in other ways, they're going to be giving permission for the platform to maintain a profile on them. The data associated with it will be (ostensibly) limited by privacy legislation in applicable jurisdictions, but it still opens the door. Is this actually going to improve privacy or even freedom in any way?
Re: (Score:2)
> Unless you're going to force federation between all the messenger systems
Federation between the big players might be enough for the regulator. Replacing monopoly with a cartel :/
> Is this actually going to improve privacy or even freedom in any way?
I'm a pessimist, I'll say no, and continue running my XMPP server.
Re: (Score:3)
It would improve the user experience, if the various platforms allow for the use of common web browsers to sign-up for the service and to request account closure. It would mean that one application could meet the needs of the user, which would be helpful on things like a cell phone.
As far as federation, consider how Microsoft Teams, Cisco Webex, and Zoom are already able to interact together in some ways for video calls. It might not be that much of a stretch for further interoperability among other playe
Re: (Score:2)
It would improve the user experience, if the various platforms allow for the use of common web browsers to sign-up for the service and to request account closure.
Don't they all do this now? I know faceboot certainly does.
As far as federation, consider how Microsoft Teams, Cisco Webex, and Zoom are already able to interact together in some ways for video calls.
I wouldn't know, I've never used any of those. I've been working a hands-on job which cannot be done remotely throughout the pandemic.
Re: (Score:2)
Some of us have been using collaboration and meeting software since well before COVID-19 caused employers to switch to remote work.
I've dialed a Cisco Spark Board into a Zoom call, for a commercial Zoom account that had the open protocols for that sort of communications.
Re: (Score:1)
Given the EU has made open banking work then I don't think messaging systems are going to prove a problem.
There are ample technologies out there to support this type of thing like OAuth, OpenID, SAML, etc. It's not exactly hard to have single account setups where you grant other services permission. For example, you have an account with Microsoft, then send a message to someone on Facebook and you're simply prompted as to whether you want to allow Facebook to relay messages dispatched from your Microsoft ac
Re: (Score:2)
How is E2E encryption supposed to work in your system? Each of these platforms has its own key distribution system, many of them designed and built very differently due to opposing philosophies about how this stuff should work. Some of them even rely exclusively on sneakernet for key distribution, so it isn’t even possible for someone outside that system to message into it without first becoming a part of it. OAuth doesn’t magically solve any of that. Are you mandating federated key distribution
Re: (Score:2)
A nice feature of GDPR is that you can't be forced to give consent for anything that isn't absolutely essential for using the service. So tracking for ad targeting is opt-in only, and if you don't opt in that's no excuse for not letting you use a service unrelated to ads.
This require is widely abused, unfortunately. There are efforts to enforce it, by groups like NOYB.
I think we will have to see how this pans out.
Re: (Score:2)
So even if they don't use the platform in other ways, they're going to be giving permission for the platform to maintain a profile on them. The data associated with it will be (ostensibly) limited by privacy legislation in applicable jurisdictions, but it still opens the door. Is this actually going to improve privacy or even freedom in any way?
You asked "How does that help? Is this going to improve privacy or freedom in any way?" Those are interesting questions, but they're unrelated to the legislation in question - the Digital Markets Act whose goals are:
1. Give business users of online services a fairer business environment
2. Give innovators and start-ups the opportunity to compete
3. Let consumers switch providers
4. Make sure that gatekeepers do well because of innovation, not because of lock-in.
This rule seems like it'll clearly benefit its in
Interoperable messaging? (Score:2)
Re: (Score:2)
Interoperability will be an interesting one. Here is my thought experiment (not the actual details):
One way is for the "Gatekeepers" to become an overly complex Message Passing gateway.
Of course this will be done by explicit "competitor" support instead of using a standardized protocol. (Please let it be XMPP if it should happen this way)
With the push to e2e encryption, this would have to be encrypted on the device itself. With interoperability, either a master key that ALL gateways will share, or reencrypt
Re: (Score:3, Insightful)
We geeks really dropped the ball 30 years ago with IM -- not pushing an RFC/IETF protocol. Instead, we created compatibility layers like MirandaIM, GAIM, kopete...
Remember when GTalk and even facebook had XMPP support?
The problem was not to develop these cross-protocol applications. It was a good idea back then, and would still be a good idea today (better than having 5 different messaging applications or browser tabs, each with their own notification system).
The problem is that (some) geeks dropped the ball 5-10 years ago and started making concessions such as accepting to use proprietary protocols which are only available on a single vendor (I'm looking at you, Apple iMessage / Facetime). Not only you can't use a multi
Re: (Score:2)
I don't think it was the geeks at fault, it was the millions of users who didn't have any concept of interoperability but just wanted to talk to their friends on whatever app was popular.
Re: Interoperable messaging? (Score:2)
Iâ(TM)ll admit to being a geek and adding to the problem. As I got older I absolutely traded the âoeright thingâ for the âoeconvenient thingâ. I used to solely run Linux as my only OS (using Wine to game)⦠now I havenâ(TM)t touched anything that isnâ(TM)t an Apple device in the last 10 years. Blah blah - insert justification about life getting complicated and needing things to just workâ¦
I canâ(TM)t be the only oneâ¦
Re: (Score:2)
Knowing from experience that the alternative is pretty close to ostracism, I'm really not one to pass judgement about your justifications.
I chose ostracism and fighting windmills... for now.
Re: (Score:2)
So you really consider it to be convenient to have to use 10 different messaging applications (or use just a few and risk being cut out of your contacts)?
Re: (Score:2)
> The problem was not to develop these cross-protocol applications. It was a good idea back then, and would still be a good idea today (better than having 5 different messaging applications or browser tabs, each with their own notification system).
I agree with it being a good idea, I disagree with it not being a problem.
It solved the practical issue of 10 different programs for chatting with 10 friends. But it was short sighted. Just as Stallman saw the long term problems of closed software the day he co
Re: (Score:2)
I agree with it being a good idea, I disagree with it not being a problem.
The multi-protocol clients were not the problem. The problem was the closed infrastructure (you could only chat with ICQ people by opening an ICQ account). The only thing that ever came close to solve this problem was XMPP federation.
Since then, we've gone backward by a few decades.
Re: (Score:2)
Just to be clear: we're basically in agreement here.
What I'm trying to say is that in the small scheme of things multi-protocol clients solved the most annoying issue for users: lack of client choice and all contacts in a single place. And it was a legitimate solution, that might have missed the bigger picture.
I'm arguing that had these 2 issues not been solved then, we might have seen a different evolution. Either going faster to the current status, or a push for federation.
In the grand scheme of things
Re: (Score:3)
The problem is that (some) geeks dropped the ball 5-10 years ago
Geeks have nothing to do with that. The world was actively using all sorts of single vendor locked messaging systems long before the iPhone was a thing. And people were used to it before the iPhone was released.
Re: (Score:1)
No, it was tech geeks that dropped the ball on it.
We all saw it.
Re: (Score:2)
Which single vendor locked messaging system was popular before the iPhone?
We had proprietary protocols such as AIM but they worked on every device you can think of and anybody could design a compatible application. It was not open source, you couldn't run your own server, you still needed to register with AIM, but at least you had some freedom left.
Re: (Score:2)
AIM but they worked on every device
Not sure how you got from "protocol" to "device". AIM is a great example. You could only talk to people on AIM, not to people on MSN. Fast forward to the release of the iPhone and you have a world of people perfectly content that the idea of a messaging system from Apple can only be used by Apple customers.
This wasn't geek's doing. It was mum and dad playing on AOL. It was the kids playing on ICQ and MSN.
Re: (Score:2)
AIM is a great example of a solution which is much better than Facetime/iMessage.
If the geeks refused to use protocols only available on devices sold by a single vendor, we would be in a better position today.
Not sure how you got from "protocol" to "device".
It's literally in my first message in this discussion.
So, to summarize:
The best is an open standard protocol, which can have multiple implementations on all devices from all vendors (like email, or xmpp).
The second best is a proprietary but open protocol, which can have multiple implementations on all
Re: (Score:2)
If the geeks refused to use protocols only available on devices sold by a single vendor, we would be in a better position today.
I think you're missing my point. Geeks don't matter. They are powerless. You can get every geek to convert to Jabber and the entire world would WhatsApp each other with questions like "What? Who? Leave me alone I have friends I need to chat with on Telegram!"
If you want a practical example of this, just go and find out what year is the year of Linux on desktop. My survey of geeks show they all run it, so clearly Linux is a highly popular desktop OS right?
It's literally in my first message in this discussion.
Wasn't taking issue with your first message, just thi
Re: (Score:2)
Well of course geeks have limited influence. Although they can definitely have some on tech.
But if you read the conversation, I was replying to serafean who said that geeks dropped the ball 30 years ago by creating multi-protocol instant messaging client applications. So *if* geeks have some power, I still think that it wasn't a mistake, however the geeks who led, embraced, the change to the absolute worst instant messaging solutions (such as those by Apple) deserve to be shamed, at least by other geeks.
Re: Interoperable messaging? (Score:4, Insightful)
The "geeks" that use iphones sold themselves out a long time ago. A majority of them now argue that being able to sideload apps is a very bad thing.
Coolsies! (Score:2)
Yes! Yes! Finally!
Oh, wait. I thought politicians were applying this to themselves and their own political parties.
n/m
Is Socal Media is all what is left of US Tech? (Score:2)
If this law is going to severely affect the US Technology market, then there is something very wrong with US Tech market.
They biggest issue I see is just getting the interoperability, and that isn't really that big, just code to make things cross compatible. This isn't like the 1990's where code is written for a single OS, and Hardware platform, where a different format would be a big deal.
Ads on Minors should be a no-brainer, however I think the responsibility for ads targeted to minors, should be shared w
This'll only work if it can be enforced (Score:2)
Google, facebook, twitter and other big ones have offices - and probably bank accounts - in the EU allowing these laws to be enforced using punitive action. But if a company operates entirely outside EU jurisdiction how do they plan on this working? Good luck persuading Google or Apple to ban an app because of this and blocking a website won't go down very well at all.
Re: (Score:2)
Russia and china persuade apple/google to ban apps on their territory. The mechanisms exist. Not sure I like this approach though as a European.
As for enforcement, for instance the GDPR is a protection of EU citizens, wherever they may be, regardless of where a company operates. Yes, it is as "crazy" as some US extraterritorial laws, but it appears the gloves are coming off regarding territoriality on the internet.
A similar mechanism might be put in place for this.
Jabber / XMPP? (Score:3)
Maybe we will see Jabber and XMPP, or their successor, get a new lease of life?
In many ways I am happy to see this push, since last time this happened was to ensure the phone companies were interoperable, and this made the phone such a convenient tool for everyone. By forcing the tech companies to think of interoperability of their platforms it should help abolish some of the communication islands we see today.
In doing this, I am sure companies will find new ways of encouraging people to stick to their platforms, such as indicating that they can only guarantee to end-to-end encryption only for those on the same network.
BTW It should be mentioned that both Google and Apple made indications of providing interoperable messaging and video platforms, but like a good political promise these fizzled out and have been forgotten about, by most people.
Re: (Score:1)
"Interoperable" means they can intersnoop and interspam users. Lovely!
Re: (Score:2)
Re: (Score:2)
shrugs shoulders at : "*pple made indications of providing interoperable messaging and video" - imessage is far from interoperable.. THose on iMessage have no interest in messaging with non-imessage users. that little green circle... It's caused stress in my family TBH - Child to parent: "You have to buy an iPhone"... thats just wrong.
I was actually thinking more of FaceTime, but if this new ruling helps with the industry sort out messaging services such iMessage as well, then even better.
Re: (Score:2)
Re: (Score:2)
good point.. FaceTime and iMessage are both dividers of people/friends/family. I like the spirit of the things EU is doing.. Standardizing/commoditizing while leaving the door open to innovation.... not "capture". Those in the walled Garden need to meet the rest of the population.
While we can talk about walled gardens in the context of Apple, all messaging platforms are walled gardens or islands of communication. Only e-mail and telephones really represent inter-connected communication platforms.
Jabber is essentially the only open messaging platform, but because there hasn't been any regulatory push to force inter-connection, businesses just went the easy route and dropped inter-connectivity efforts.
Re: (Score:2)
Re: (Score:2)
So .. is the Eu move to ensure interoperability and to reduce EWaste by standardizing on USBC chargers a good thing? Yes! I think so. Success should be tied to innovation and moving the goalposts. This almost sounds like the US government which is more infatuated with re-election than with governance.. but i digress. In either case. Down with lock-in, lets adapt and reward innovation that helps us do so.
I am okay to have a common service level across platforms, while having a few extra features reserved for in-platforms users, if only because other platforms don't care about adding the features. We could also find ourselves with a common platform, like HTML5, where everyone actually works together to innovate, because they see value in not standing still.
Re: Jabber / XMPP? (Score:2)
need of the time (Score:1)
Good (Score:2)
Can the US and Canada sue for that too?
Please?
Primary link to EU site (Score:2)
The Bloomberg link is paywalled. This is the direct EU link [europa.eu]. Some details in the thread summary may not be completely accurate.
The penalty should be "Fines of up to 10% of the company’s total worldwide annual turnover ... Periodic penalty payments of up to 5% of the average daily turnover ... In case of systematic infringements of the DMA obligations by gatekeepers, additional remedies [such as] behavioural and structural remedies, e.g. the divestiture of (parts of) a business."
Although the paywa
Is this aimed at Walled Gardens? (Score:2)