Home | Newsletters & Shorts | DW Weekly #102 – 13 March 2023

DW Weekly #102 – 13 March 2023

DigWatch Weekly 100th issue 1920x1080px generic
DW Weekly #102 – 13 March 2023 7

Dear all,

We start the week with news that the Silicon Valley Bank, a major lender to Big Tech companies, has collapsed. This only adds to the financial woes of tech companies, especially those which have had to consider layoffs. 

Meanwhile, much of the debate during last week’s fourth substantive session of the UN Open-Ended Working Group (OEWG) highlighted existing divergences between countries advocating for an international treaty, others in favour of implementing existing norms of state behaviours, and yet others somewhere in between. We’ll publish an in-depth analysis on our OEWG page next week.

In other news, India and China are planning changes in how they manage their data, while Big Tech wrestles with Canada over its new media bargaining draft rules. Let’s get started.

Stephanie and the Digital Watch team


Will TikTok’s Project Clover be enough to appease European policymakers?

TikTok’s relationship with US and European policymakers is shaky at best. In the USA, the company is still trying to recover from Trump’s attempt to ban the app from operating in the country unless it was sold to an American company. The attempt may have failed back then, but policymakers are still intent on passing rules that would give the government the power to ban the company.

The EU is following suit: In their most recent action against TikTok, the EU’s institutions announced a ban on TikTok from being used on the personal devices of their staff. (So did the US Government, Canada, and Belgium.)

Antagonism against TikTok. The reason for this antagonist approach is because TikTok’s parent company ByteDance is Chinese. There are three main causes for concern.

  • Citing national security issues, policymakers fear that the Chinese government could be using the platform for espionage or other malicious activities. Although the USA and the EU share common concerns, the USA has been challenging TikTok (undoubtedly also influenced by the ongoing trade war between the USA and China), for longer than the EU. 
  • Policymakers also worry that users’ data can be accessed by China (TikTok has admitted that non-EU staff do have access to European data). Here, there’s more at stake for the EU due to its tougher legislation on data protection; the EU has in fact been more vociferous on data handling than it has on issues of national security. 
  • TikTok has been sued in several countries for exposing children to harmful content and for other practices that place children’s privacy at risk. The investigations and lawsuits follow their natural course: imposing fines on TikTok where appropriate and mandating a change in practices where necessary. Even though these practices can harm kids, no company has ever been banned from a market over this issue.

This begs two questions: Will the EU follow the USA’s stance on security? And will TikTok manage to reassure the EU that it’s severing all connections with China regarding European data? In the interests of cooperation between the USA and Europe, we’re bound to see a certain ripple effect in the actions the USA and Europe take when it comes to national security. But when protecting citizens’ data, the EU will want to make up its own mind.

Enter Project Clover. TikTok has just announced new data access and data security measures, including (a) security gateways that will determine employee access to European TikTok user data and data transfers outside of Europe; (b) external auditing of these processes by a third-party European security company; (c) new privacy-enhancing technologies to ensure that data cannot be de-anonymised ‘without additional information’.

This comes in addition to recent announcements that TikTok will open three European data centres (two in Ireland and one in Norway), to the tune of €1.2 billion (US$1.3 billion) in annual running costs.

Nor is it the first project of its kind: A similar plan, Project Texas, is ongoing in the USA. But Project Clover is a tad more ambitious. According to TikTok, the new data access rules will not only comply with the EU’s GDPR, but will introduce higher data access standards.

Not quite there yet. All of this should help appease European policymakers. But as they say, the devil is in the details. Details that put Project Clover on the right track, but not quite strongly enough.

First, TikTok will probably be nudged into confirming that not only will the data be housed in Ireland and Norway, but that access to it also be confined to Europe. The carefully-worded announcement falls short of affirming this (current wording includes: ‘Our existing data access controls already highly limit access to user data’; ‘security gateways… will determine employee access to European TikTok user data and data transfers outside of Europe’; ‘this will add another level of control over data access’). 

Second, TikTok will need to provide clearer timelines on when it will implement what it promises to do. Clear schedules will also be important for timely compliance with the tougher obligations that the Digital Services Act imposes on very large online platforms and for implementing its sister legislation, the Digital Markets Act.

TikTok was set to be quizzed by the French regulator today (13 March) and will testify at a full committee hearing of the US House of Representatives Energy and Commerce Committee on 23 March.

Digital policy roundup (6–13 March)

India plans to introduce data flows by-default model

India’s government plans to amend draft rules on data transfers in the proposed Digital Personal Data Protection Bill to introduce data flows by default, The Indian Express reports.

The current provision on cross-border data flows (Section 17 of the bill) states that the ‘Central Government may… notify such countries or territories outside India to which a data fiduciary may transfer personal data…’ Sources told the newspaper this is likely to be amended, with the bill allowing cross-border data flows to all locations by default, with the exception of blacklisted countries, where transfers would be restricted.

India, which holds the G20 presidency, promised to promote ‘a new gold standard for data’ during its term.

China plans to set up new bureau for data governance; reiterates calls for self-reliance

China is planning to set up a new government agency to centralise the management of its data. The proposed national data bureau, to be coordinated by the National Development and Reform Commission, will be tasked with the sharing and application of data resources. The plan was submitted last week for deliberation during the annual session of the National People’s Congress, one of the ‘two sessions’. The proposed body will also be responsible for advancing the development of China’s digital economy and other digital-related ambitions.

In separate news, Chinese President Xi Jinping has renewed calls to speed up efforts for achieving greater self-reliance in science and technology. China’s strength should ultimately rely on scientific and technological innovation, he told the National People’s Congress.

Chinese policymakers sitting at the Great Hall of the People in Beijing, with the National Emblem of China as backdrop
The 14th National People’s Congress (NPC) opens its first session at the Great Hall of the People in Beijing, China. Credit: Xinhua/Ju Peng


WhatsApp agrees to be more transparent when updating terms of service

The European Commission has announced that WhatsApp has committed to being more transparent on changes to its terms of service, in settlement of an EU consumer probe. For future updates to its terms, WhatsApp promised it would explain clearly to users what changes it intends to make to its contracts and how the changes could affect users’ rights. WhatsApp has also committed to making it easier for users to reject updates if desired and to explain to users what happens when they reject an update. 

The announcement came after discussions between the company and the consumer protection cooperation (CPC) Network of authorities responsible for enforcing the EU consumer protection laws. The CPC will monitor how the company will implement these commitments. 

BEUC is not happy. The European Consumer Group BEUC is disappointed, as the commitments are limited to future actions and offer no remedies for past behaviour.


Google will end news blocking in Canada…

Google will stop blocking news content in Canada, the company told a parliamentary panel last week. A few weeks ago, Google temporarily blocked access to news content in Canada in reaction to draft rules that would oblige internet platforms to compensate Canadian media companies for making news content available on the platforms. 

…But Meta threatens to start blocking access

Facebook’s parent company Meta, however, announced it would end access to news content for Canadian users if the rules are introduced in their current form.

A Meta spokesperson said: ‘A legislative framework that compels us to pay for links or content that we do not post, and which are not the reason the vast majority of people use our platforms, is neither sustainable nor workable.’


US budget proposes big spend on cybersecurity

The new US budget for 2024, announced last week by President Biden, is requesting significant funding for cybersecurity operations, including USD63 million for strengthening the FBI’s capacity, and USD145 million to improve the capacities of the Cybersecurity and Infrastructure Security Agency (CISA).

In addition, the budget requests more than USD395 million to advance global cyber and digital development initiatives, including the Department of State’s Bureau of Cyberspace and Digital Policy, and regional initiatives such as Digital Transformation with Africa.

US President Joe Biden delivering remarks on his budget for 2024. Credit: NBC News
US President Joe Biden delivering remarks on his budget for 2024. Credit: NBC News

// JOBS //

Meta to lay off thousands of employees (again)

It’s already been reported recently in the Financial Times, and now it’s Bloomberg’s turn to report that Meta is planning to cut thousands of jobs. The company, which has not issued any official communication on this second round of job cuts, laid off more than 11,000 jobs in November.

The week ahead (13–19 March)

13–16 March: Organised by ITU and the UN Economic Commission for Europe (UNECE), the all-virtual Future Networked Car Symposium 2023 will examine the latest advances in vehicle connectivity, automated mobility, and the role of AI in ​the transport sector. 

13–17 March: This year’s WSIS Forum 2023, in Geneva and online, will focus on how to accelerate the achievement of the SDGs. (Pass by our booth!)

16 March: The European Commission’s public consultation on the enforcement procedures of the new Digital Services Act ends today.

16 March: The Human Rights Council’s 52nd session continues in Geneva. The discussion on the Special Rapporteur on Violence Against Children’s report addresses the risks children face in the digital environment.

16–17 March: This year’s Blockchain Africa Conference 2023 is its ninth edition. Taking place in Johannesburg, South Africa, and online, it will focus on the opportunities of using blockchain technology and potential use cases in Africa and globally.

Noam Chomsky

Chomsky dubs marvels of ChatGPT a ‘false promise’

If there’s one person we would ask for his thoughts on ChatGPT, it’s Professor Noam Chomsky, widely known as the father of modern linguistics. In last week’s op-ed, Chomsky wrote how content generators’ ‘deepest flaw is the absence of the most critical capacity of any intelligence.’ Read the full text.

Stephanie Borg Psaila
Director Digital Policy, DiploFoundation

Was this newsletter forwarded to you, and you’d like to see more?
Subscribe here.