The EU’s latest concerns about TikTok’s DSA compliance center on the launch of TikTok Lite.
TikTok has been given 24 hours to provide the risk assessment for TikTok Lite.
It’s not clear whether TikTok conducted a DSA risk assessment for the new reward program ahead of launching TikTok Lite in the two EU markets.
But the regulation’s focus on systemic risk essentially makes such a step obligatory for features that are likely to appeal to minors.
TikTok did tell us it requires TikTok Lite users to verify that they are 18 or older in order to collect points through their use of the app.
On Tuesday, digital EVP and competition chief Margrethe Vestager cast doubt on Meta’s privacy fee, telling Reuters: “I think there are many different ways to monetize the services that you provide.
“Consumers should be given time to reflect before making that decision, and not being put under pressure to accept it quickly.”As noted above, consumer protection groups have filed a number of complaints about Meta’s privacy fee — arguing Meta is breaching EU consumer protection and privacy rules.
There’s currently no way for users in the EU to use Facebook or Instagram and not be tracked.
They suggest Meta’s strategy is a blatant attempt to circumvent EU laws by making privacy an unaffordable luxury.
Vestager’s remarks also suggest the Commission already takes the view that Meta’s privacy fee is non-compliant with the DMA.
Europe eyes LinkedIn’s use of data for ads in another DSA askMicrosoft-owned professional social network, LinkedIn, is the latest to get a formal request for information (RFI) from the EU.
Of specific concern is whether LinkedIn is breaching the DSA’s prohibition on larger platforms’ use of sensitive data for ad targeting.
Profiling based on such data to target ads is banned under the law.
The DSA also empowers the EU to impose fines for incorrect, incomplete, or misleading information in response to an RFI.
LinkedIn isn’t the only platform to be in the EU’s spotlight when it comes to use of data for ads.
The eight platforms are designated as very large online platforms (VLOPs) under the regulation — meaning they’re required to assess and mitigate systemic risks, in addition to complying with the bulk of the rules.
These will test platforms’ readiness to deal with generative AI risks such as the possibility of a flood of political deepfakes ahead of the June European Parliament elections.
It’s recently been consulting on election security rules for VLOPs, as it works on producing formal guidance.
Which is why it’s dialling up attention on major platforms with the scale to disseminate political deepfakes widely.
The Commission’s RFIs today also aim to address a broader spectrum of generative AI risks than voter manipulation — such as harms related to deepfake porn or other types of malicious synthetic content generation, whether the content produced is imagery/video or audio.
The European Union has opened its third formal investigation of a very large platform under the Digital Services Act (DSA), with China’s AliExpress earning itself the dubious honor of being the first online marketplace to face formal probe by the Commission.
Social media platforms X and TikTok are the two other very large online platforms (VLOPs) already under formal DSA investigation (since December and February, respectively).
They said it will also look into transparency and safety concerns related to influencers’ use of AliExpress.
It said it will also investigate how the influencer affiliate program is implemented to verify whether it complies with DSA transparency rules.
There’s no fixed timeline for the EU to conclude a DSA investigation.
A lengthy investigation into the European Union’s use of Microsoft 365 has found the Commission breached the bloc’s data protection rules through its use of the cloud-based productivity software.
Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed “several key data protection rules when using Microsoft 365”.
The regulator, which oversees’ EU institutions’ compliance with data protection rules, opened a probe of the Commission’s use of Microsoft 365 and other US cloud services back in May 2021.
Yet use of Microsoft 365 routinely results in data flowing back to Microsoft’s servers in the US.
Over the last few years, Microsoft has responded to amped up EU regulatory risk attached to data transfers by expanding a data localization effort focused on regional cloud customers — in an infrastructure it’s branded the “EU Data Boundary for the Microsoft Cloud”.
India’s federal election commission has fixed flaws on its website that exposed data related to citizens’ requests for information related to their voting eligibility status, local political candidates and parties, and technical details about electronic voting machines.
The bugs allowed access to the RTI requests, download transaction receipts, and responses shared by the officials without properly authenticating user logins.
Some of the exposed data included the RTI filing date, the questions asked, the applicant’s name and mailing address, the applicant’s poverty line status, and RTI responses.
The bugs were fixed earlier this week following CERT-In’s intervention.
The Election Commission of India did not respond to a request for comment.
The European Union has fined Apple €1.84 billion for breaching antitrust rules in the market for music streaming services on its mobile platform, iOS.
The penalty is focused on Apple’s application of anti-steering provisions, which put restrictions on music streaming apps’ abilities to tell consumers about cheaper offers outside Apple’s App Store.
The iPhone maker has its own music streaming service, Apple Music, and rivals — such as Spotify — have argued the restrictions put them at a disadvantage compared to the platform operator.
A formal EU statement of objections duly followed, in April 2021, when the Commission accused Apple of operating its App Store in a way that distorts competition in the market for music streaming services.
Last month, the FT reported Apple was facing a €500M antitrust penalty over music streaming.
Now the EU is asking questions about Meta’s ‘pay or be tracked’ consent modelMeta’s controversial pay or be tracked ‘consent’ choice for users the European Union is facing questions from the European Commission.
Meta’s ad-free subscription is controversial because under EU data protection law consent must be informed, specific and freely given if it’s to be valid.
Now the EU itself is stepping in with an RFI under the DSA, the bloc’s recently updated ecommerce rulebook.
In follow-up questions last month, the MEPs criticized internal market commissioner, Thierry Breton, for what they couched as “inadequate answers” — repeating their ask for a clear verdict on Meta’s ‘pay or consent’ model.
We also reached out to Ireland’s DPC for an update on its review of Meta’s consent or pay model — which has been ongoing for around six months.
The CEO of meditation app Insight Timer, Christopher Plowman, is frustrated.
That’s what happened with Insight Timer, a popular meditation app with around 25 million installs and 3 million monthly active users.
Because Insight Timer doesn’t take a cut of users’ donations to favorite teachers, those donations shouldn’t be subject to Apple’s commission — or so Plowman believed.
Insight Timer implemented the feature using Stripe as the payment provider on the backend, as the rule permits.
During the time the commission-free donations feature was live, Insight Timer’s users donated roughly $100,000 per month to the app’s teachers, Plowman says.
