As technology shapes our societies, the transatlantic tech alliance is moving its regulatory agenda ahead to increase government oversight.
The EU has proposed new rules to govern data use, artificial intelligence, social media content, and online marketplaces. Brussels has already approved major legislation on privacy and competition policy. Meanwhile, Washington lags far behind.
CEPA’s Digital Innovation Initiative (DII) is tracking major developments in transatlantic tech policy below. Major updates are highlighted in red.
June 16 – Privacy and Digital Rights
The European Commission updates its Code of Practice on Disinformation, requiring social media networks, among other voluntary commitments, to increase cooperation with fact-checkers and allow researchers access to their data.
June 7 – Privacy and Digital Rights
The European Union’s terrorist content regulation enters into force, requiring social media and other online content platforms to take down content that authorities identify as glorifying or promoting terrorism. In some cases, platforms must act within an hour to remove the content or face a fine.
June 7 – Hardware
The European Union agrees that smartphones and tablets sold in the EU must use a common USB-C charging port, starting in the fall of 2024. Apple sought to keep using its proprietary Lightning charging port.
June 3 – Privacy and Digital Rights
May 31 – Competition
The US Supreme Court suspends a law introduced by the Texas state government which would have prevented social media platforms from removing user content based on political views.
May 17 – Cybersecurity
The Justice Department announces a revised policy that creates an exception for good-faith security researchers to not be prosecuted under the Computer Fraud and Abuse Act of 1986.
May 16 – Trade and Technology Council
EU and U.S. officials conclude the second Trade and Technology Council meeting in Paris. This forum was initially positioned transatlantic counterweight to China but has shifted a clear focus to combat Russia. Read the final statement here.
May 13 – Cybersecurity
EU bodies agree on the details of the Network and Information Security Directive (NIS2 Directive), a new law forcing critical industries to improve their cyber resilience.
May 11 – Privacy and Digital Rights
The European Commission publishes its draft proposal to combat child sexual abuse online through widespread obligations on major tech platforms to find, report, and remove such content. However, tech executives and some MEPs fear that the Act would strip away basic privacy protections.
May 3 – Privacy and Digital Rights
The European Commission publishes its proposed European Health Data Space, a regulation that would align health data sharing practices across the bloc. Proponents claim it will expand healthcare and innovation and unlock €11 billion in economic gains while critics fear that technical and political challenges will limit its benefits.
May 2 – Competition
German competition authorities designate Meta as a "digital firm of paramount significance," lowering the threshold for the future anti-trust action.
April 28 – Privacy and Digital Rights
The US, European Commission, and 54 other governments endorse the Declaration for the Future of the Internet, a non-binding pledge to ensure internet freedom, protect privacy rights, and avoid the use of algorithms and mis/disinformation to infringe on civil liberties.
April 26 – Online Commerce
The EU's top court rules against the Polish government's effort to strike down a core component of the 2019 Copyright Directive that forces major platforms to check user uploads for pirated content.
April 23 – Digital Services Act
Europe finalizes its signature legislation forcing social media platforms to combat misinformation and restrict certain online ads or face billions in fines.
April 6 – Data Governance Act
The European Parliament approves the rules aimed at increasing data sharing within Europe, paving the way for formal adoption.
April 4 – Cybersecurity
The State Department launches its Bureau of Cyberspace and Digital Policy tasked with negotiating international cybersecurity partnerships.
March 29 – Competition
A French court fines Google €2 million for engaging in abusive commercial practices by imposing unfair clauses on independent app developers.
March 25 – Privacy Shield
US President Joe Biden and European Commission President Ursula von der Leyen strike an agreement in principle on a revamped “Privacy Shield” data transfer agreement. Details are left to be filled in by the end of the year. Privacy campaigner Max Shrems derides it as “lipstick on a pig.”
March 24 – Digital Markets Act
Europe finalizes its signature legislation to corral what it calls gatekeepers, large US companies such as Google, Amazon, Apple, Facebook, and Microsoft. All will face extensive new obligations and restrictions – and risk fines up to 20% of their worldwide turnover.
March 11 – Competition
The European Commission opens a case against Google and Facebook for anticompetitive behavior in display advertising.
March 9 – Privacy and Digital Rights
Italy’s data protection authority fines Clearview AI €20 million for privacy violations, orders it to delete all data processed from Italian citizens, and bans it from collecting any facial biometrics.
February 23 – Data Act
The European Commission proposes new rules about transferring data between businesses, governments, and consumers. It aims to ease access to data collected by tech companies. But critics fear increased security risks and building new barriers to reducing competition between major technology firms.
February 10 – Privacy and Digital Rights
The US Senate Judiciary Committee passes the EARN IT Act that would require the scanning of digital devices for Child Sexual Abuse material. Supporters argue that children must be protected, but critics worry about compromising security, encryption, and privacy.
February 8 – European Chips Act
In one of the most ambitious state-funded industrial schemes, the European Commission proposes to spend €43 billion subsidizing the European production of semiconductors.
January 26 – Competition
Intel wins its appeal against a $1.2 billion fine issued by the European Commission in 2009 for anti-competitive behavior, in a major loss for EU competition authorities. The Luxembourg-based General Court which granted the appeal found that the Commission failed to prove that Intel’s actions produced anticompetitive effects.
January 20 – Digital Services Act
The European Parliament approves its version, which goes beyond the original proposal. Parliament wants a ban on dark patterns and introduces strict restrictions on services targeting minors. But it backs away from making Internet Platforms filter their sites or make them liable for products and services offered by third parties.
January 13 – Privacy and Digital Rights
Austria’s data protection authority rules that Google Analytics violates the European privacy GDPR rules, opening the door for similar action by other EU countries.
January 10 – Privacy and Digital Rights
Europe’s data watchdog orders Europol, the EU’s law enforcement agency, to remove all data for individuals unaffiliated with criminal activity, finding that the law enforcement agency’s data policies violate European privacy law.
January 5 – Competition
German competition authorities rule that Google benefits from “paramount significance across markets,” a move to impose restrictions on the search engine.
December 14 – Digital Services Act
The European Parliament’s Internal Market Committee adopts the Act, paving the way for a final Parliamentary vote. The committee version expands on the original proposal by introducing more robust transparency obligations, new provisions against dark patterns, and banning micro-targeting for minors.
December 10 – Data Governance Act
EU official reach an agreement on the Data Governance Act, aimed at easing the reuse of public sector data.
December 9 – Competition
Italy’s competition authority fines Amazon almost €1.13 billion for abusing its dominant position to force third-party merchants to use its warehouse and delivery services.
December 9 – Online Commerce
The European Commission proposes requiring Uber, Deliveroo, and other platforms to treat most gig workers as employees.
December 4 – Digital Markets Act
US Secretary of Commerce Gina Raimondo lashes out against Europe’s proposed legislation, criticizing its “disproportionate" impact on US tech companies.
November 29 – Privacy and Digital Rights/Competition
Italy’s competition authority fines Google and Apple €10 million each for “aggressive practices” in their commercial use of user data.
November 23 – Competition
Italy’s competition authority fines Amazon €68.7 million and Apple €134.5 million for colluding to restrict the resale of Apple products on Amazon.
November 23 – Digital Market Act
The European Parliament’s Internal Market Committee adopts the Act, paving the way for a full parliamentary vote. Compared to the European Commission’s initial proposal, this version reduces the number of gatekeepers while increasing the list of digital markets subject to regulation.
November 10 – Digital Markets Act
Ambassadors from the EU’s Member States adopt their position on the Act, paving the way for trialogue negotiations. Their version reduces the time for designating gatekeepers and expands upon the role of national courts and regulatory authorities.
November 10 – Competition
Google loses an appeal against a €2.8 billion antitrust decision, a major win for Europe's competition chief, who accused the search engine of leveraging its own price comparison shopping service to gain an unfair advantage over smaller European rivals.
October 21 – Competition
The US reaches a compromise with five European countries after a dispute over taxes on American tech giants.
October 1 – Data Governance Act
EU’s Member States adopt their position. They expand on the original Commission proposal by removing references to cloud service providers, adding codes of conduct for “data altruism,” empowering national authorities to share public-held data, and setting moderate penalties for non-compliance.
September 29 – Trade and Technology Council
Europe and the US leaders meet in Pittsburgh and launch a new initiative designed to facilitate transatlantic cooperation. The next meeting is scheduled for May 2022 in Paris.
September 2 – Privacy and Digital Rights
Ireland’s data protection authority fines WhatsApp €225 million over the app’s lack of transparency surrounding its data sharing practices with other Meta companies.
July 22 – Data Governance Act
The European Parliament’s Industry, Research and Energy Committee adopts the Data Act, calling for the establishment of a Data Innovation Advisory Council, expanding the initially proposed oversight body to include academics, private industry, and civil society.
July 1 – Online Commerce
New Value-Added Tax (VAT) rules for online shopping enter into force, requiring marketplaces to collect the tax on behalf of their merchants. Consumers receive extra charges to receive packages.
June 20 – Online Commerce
The European Commission proposes a new regulation that would increase responsibilities for e-commerce marketplaces to ensure that no dangerous products are sold on their platform.
June 1 – Digital Markets Act
Lead Rapporteur, MEP Andreas Schwab, submits his draft report on the proposed Act to the European Parliament’s Internal Market Committee. He proposes narrowing the definition of “gatekeepers” to target major US tech firms (Google, Apple, Facebook, Amazon, and Microsoft).
June 1 – Privacy and Digital Rights
Europe’s new copyright law comes into effect, increasing pressure on digital platforms to pay rightsholders to link to their content.
May 28 – Digital Services Act
Lead Rapporteur, MEP Christel Schaldemose, submits her draft report on the proposed Act to the European Parliament’s Internal Market Committee. She calls for making online marketplaces liable for all products listed for sale.
May 12 – Competition
Europe’s General Court dismisses the Commission’s antitrust case against Amazon on the basis that it received preferential tax treatment in Luxembourg, in a blow to Brussel’s antitrust agenda.
May 6 – Privacy and Digital Rights
Microsoft announces that it will store and process EU data within the EU as a result of continued fallout from the Schrems II decision on transatlantic data flows.
April 23 – Infrastructure and Telecommunications
Germany, one of the last holdouts, joins most other European countries in labeling the Chinese telecommunications company a security risk.
April 21 – AI Act
The European Commission publishes its draft proposal to regulate Artificial intelligence. It would designate various types of programming as high and low risk and impose restrictions on “high-risk” AI applications, such as facial recognition.
February 12 – Privacy and Digital Rights
Sweden’s data protection authority issues a €250,000 to police authorities for their use of Clearview AI facial recognition technologies in violation of national data laws.
December 16 – Cybersecurity
The European Commission proposes cybersecurity rules to toughen the bloc’s defenses of critical infrastructure. But a planned certification system proves controversial, with critics fearing it could undermine security.
December 15 – Digital Services Act
The European Commission publishes its draft proposal to oblige platforms to combat illegal content, non-transparent advertising practices, and disinformation. Non-compliant platforms would face fines of up to 6% of annual revenue.
December 15 – Digital Markets Act
The European Commission publishes its draft proposal to monitor and prevent major platforms from engaging in anti-competitive behavior. The proposed Act would ban, among other practices, digital “gatekeepers” from self-preferencing. Platforms could face fines of up to 10% of annual global revenue.
November 25 – Data Governance Act
The European Commission publishes its draft proposal to facilitate the sharing of non-personal and industrial data across the EU.
October 15 – Infrastructure and Telecommunications
European MEPs label Chinese telecommunications company Huawei a security threat.
October 14 – Privacy and Digital Rights
French courts rule that Microsoft could not transfer personal health data outside of the EU, even though the government had contracted it to host the information.
July 16 – Competition
The European General Court rules in favor of Apple, finding that the US tech firm did not unlawfully benefit from Ireland’s corporate tax laws, denying the European Commission a claim of €13 billion in back taxes.
July 15 – Privacy Shield
The European Court of Justice invalidates the EU-US Privacy Shield agreement, saying that US surveillance violates European privacy rights established under the Europe’s GDPR privacy law. This ruling threatens transatlantic data flows.
June 23 – Online Commerce
Germany’s Federal Supreme Court orders Facebook to stop sharing data across WhatsApp and Instagram.
June 23 – Online Commerce
Norway’s Supreme Court rules in favor of Apple that independent firms violated trademark rules by using cheaper repair parts, in a move condemned by “right to repair” groups.
February 4 – Privacy and Digital Rights
The Irish Data Protection Commission launches a formal investigation into Google over how the company processes user location data.