Photo of Jeane A. Thomas

On May 25, 2022, following markup in the Judiciary Committee, Senator Amy Klobuchar introduced an amended version of the American Innovation and Choice Online Act (“AICOA”), an antitrust bill we previously reported on that aims to curtail self-preferential conduct by certain online platforms. The revised bill now carves out telecommunications providers and financial service companies from the bill’s prohibitions, and reduces potential penalties for violations. Additionally, the revision now creates an exception to the bill’s technical interoperability requirements “where such access would lead to significant cybersecurity risk.” Although critics complain the revisions do not go far enough to address the bill’s shortcomings, Senator Klobuchar and other bi-partisan supporters are pushing for a Senate floor vote this summer.

Continue Reading Senate Revises Antitrust Bill Aimed at Curbing Self-Preferential Conduct by Online Platforms

On December 15, 2020, the European Commission (EC) presented its long-awaited proposal for a Digital Services Act (DSA), together with a proposal for a Digital Markets Act (DMA), which we discussed in a previous alert. Whereas the DMA aims to promote competition by ensuring fair and contestable markets in the digital sector, the DSA proposal intends to harmonize the liability and accountability rules for digital service providers in order to make the online world a safer and more reliable place for all users in the EU.

Most notably, the DSA would impose far-reaching due diligence obligations on online platforms, with the heaviest burdens falling on “very large” online platforms (i.e., those with more than 45 million average monthly active users in the EU), due to the “systemic” risks such platforms are deemed to pose in terms of their potential to spread illegal content or to harm society. In this day and age when the perceived power of online platforms to independently control content publication and moderation is headline news daily, with governments throughout the globe grappling with different legislative and regulatory proposals, the DSA stands out as an ambitious effort by the EC to create a consistent accountability framework for these platforms, while striking a balance between safeguarding “free speech” and preserving other values and interests in a democratic society. Like the parallel DMA proposal, the DSA proposal has been criticized for targeting mainly U.S.-based companies, which would make up most of the “very large” platforms. Given the huge commercial interests at stake, the passage of both laws will no doubt be the subject of intense debate and lobbying, including with respect to the asymmetric nature of the proposed regulation and the powerful role that the EC reserves to itself in both proposals.
Continue Reading Digital Services Act: The European Commission Proposes An Updated Accountability Framework For Online Services

On December 15, 2020, the European Commission (EC) published its proposal for a Digital Markets Act (DMA). The proposal aims to promote fair and contestable markets in the digital sector. If adopted, it could require substantial changes to the business models of large digital platform service providers by imposing new obligations and prohibiting existing market practices. These changes not only would create significant new obligations on “gatekeeper” platforms, but also opportunities for competitor digital service providers and adjacent firms. Further, the proposed requirements of the DMA have the potential to transform the way that businesses engage with “gatekeeper” providers – including, for example, companies that sell goods and services, distribute apps, and/or purchase advertising on large platforms.

Digital Markets Act Proposal: Main Takeaways

  • Proposes new rules intended to promote fair and contestable markets in the digital sector, which would apply only to providers of “core platform services” designated as “gatekeepers”.
  • Defines “core platform services” to include online search engines, online marketplaces, social networks, messaging and chat apps, video-sharing platforms, operating systems, cloud computing services, and advertising networks and exchanges.
  • Defines “Gatekeepers” as providers of core platform services which have a significant impact on the EU internal market, serve as an important gateway for business users to reach customers, and have an entrenched and durable position.
  • Provides quantitative thresholds based on turnover or market value, and user reach, as a basis to identify presumed gatekeepers. Also empowers the Commission to designate companies as gatekeepers following a market investigation.
  • Prohibits gatekeepers from engaging in a number of practices deemed unfair, such as combining personal data across platforms, ‘wide’ MFN clauses, misusing non-public data about the activities of business users and their customers to gain a competitive advantage, blocking users from uninstalling pre-installed applications, self-preferencing in ranking, etc.
  • Imposes certain affirmative obligations on gatekeepers, including measures to promote interoperability, data access, data portability, and transparency regarding advertising services.
  • Requires gatekeepers to notify below-threshold mergers and to accept independent audits of profiling practices.
  • Puts the Commission in charge of enforcement with extensive investigative powers, including the power to require access to databases and algorithms, and the ability to impose fines of up to 10% of the gatekeeper’s worldwide annual turnover.
  • Empowers the Commission to impose structural remedies, potentially including the divestiture of businesses, for recurring non-compliance.
  • Authorizes the Commission to carry out market investigations to assess whether new gatekeeper practices and services need to be regulated.


Continue Reading Digital Markets Act: The European Commission Unveils Plans to Regulate Digital ‘Gatekeepers’

At 9:30 a.m. Central European Time, privacy professionals around the world were refreshing their browsers to read the long-awaited judgment of the Court of Justice of the European Union (CJEU) principally addressing the viability of Standard Contractual Clauses (SCCs) and the EU-U.S. Privacy Shield (Privacy Shield) as means to transfer personal data from the European Union (EU) to the United States (U.S.).

When the judgment arrived, it landed with a bang: though the CJEU upheld the use of SCCs, it invalidated the Privacy Shield, the well-known mechanism to transfer personal data from the EU to the U.S.  The decision also cast doubt on the viability of other options, including SCCs, for making transatlantic transfers.

The foundation of this decision and previous decisions affirming challenges to U.S. privacy practices is that the protection of personal data is a fundamental right in the EU, akin to a constitutional right in the U.S.  The General Data Protection Regulation (GDPR) enshrined these fundamental rights and established uniform data protection standards across the EU designed to protect the personal data of EU-based individuals.

Continue Reading Privacy Shield Invalidated: EU Data Transfers to the U.S. under Siege (again…)

An Analysis of the Requirement to Verify Consumer Requests and Parental Consents

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In parts one and

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In part one of our multi-part series regarding the draft CCPA regulations, we focused on businesses’