Apple’s App Store to face scrutiny in Germany as FCO opens ‘market power’ proceeding

Germany’s competition authority, the FCO, has completed its Big Tech GAFA ‘bingo’ card by opening a proceeding against Apple.

As with similar investigations already opened this year — into Amazon, Facebook and Google — the proceeding will determine whether or not the iPhone maker meets the threshold of Germany’s updated competition law.

The 10th amendment to the law, which came into force in January, enables the Bundeskartellamt to intervene proactively against the practices of large digital companies — if they are determined to have “paramount significance for competition across markets” and in order to prevent them from engaging in anti-competitive practices.

Discussing the key new provision to the Competition Act (aka, the GWB Digitalisation Act and specifically Section 19a) — in a panel discussion last week, the FCO’s president, Andreas Mundt, explained that the competition law update had been influenced by its experience with a long running (and pioneering) case against Facebook’s superprofiling of Internet users.

The upshot is that German competition law now has a theory of harm which entwines competition law and data protection — albeit, in the case of Apple, its tech empire is typically associated with defence (rather than abuse) of user privacy.

But the comprehensive amendments to German antitrust law are broadly targeted at Big Tech, with the goal of keeping markets open, fostering innovation and putting a stop to any abusive behavior, via provisions the FCO will be able to order — such an banning or restricting self-preferencing and bundling; or stopping giants tying products together to try to muscle into adjacent markets; or preventing them blocking interoperability and data access to try to lock out rivals, to name a few.

A mix of provisions are likely to be deployed, as tech giants are designated as addressable under the law, depending on the specifics of each case and the particular ecosystem business. So how it will operate in practice remains to be seen. So far the FCO is still in the process of determining (in each case) whether it can apply the law against GAFA.

For the Apple proceeding, Mundt said in a statement today that its operation of the App Store will be a “main focus” for the investigation because he said it “enables Apple in many ways to influence the business activities of third parties”.

“We will now examine whether with its proprietary operating system iOS, Apple has created a digital ecosystem around its iPhone that extends across several markets,” he added. “Apple produces tablets, computers and wearables and provides a host of device-related services. In addition to manufacturing various hardware products, the tech company also offers the App Store, iCloud, AppleCare, Apple Music, Apple Arcade, Apple TV+ as well as other services as part of its services business. Besides assessing the company’s position in these areas, we will, among other aspects, examine its extensive integration across several market levels, the magnitude of its technological and financial resources and its access to data.”

The FCO also noted that it has received a number of complaints against Apple “relating to potentially anti-competitive practices” — such as one from the advertising and media industry against Apple restricting user tracking with the introduction of its iOS 14.5 operating system; and a complaint against the exclusive pre-installation of the company’s own applications as a possible type of self-preferencing prohibited under Section 19a GWB.

“App developers also criticise the mandatory use of Apple’s own in-app purchase system (IAP) and the 30% commission rate associated with this,” it added in a press release. “In this context, the marketing restrictions for app developers in Apple’s App Store are also addressed. The latter complaint has much in common with the European Commission’s ongoing proceeding against Apple for imposing restrictions on the streaming service Spotify and accordingly preferencing its own services. Where necessary, the Bundeskartellamt will establish contact with the European Commission and other competition authorities in this regard. So far, no decision on initiating a further proceeding has been taken.”

Apple was contacted for comment on the FCO’s proceeding and it sent us this statement, attributed to a spokesperson:

Apple is proud to be an engine for innovation and job creation, with more than 250,000 jobs supported by the iOS app economy in Germany. The App Store’s economic growth and activity have given German developers of all sizes the same opportunity to share their passion and creativity with users around the world while creating a secure and trusted place for customers to download the apps they love with the privacy protections they expect. Germany is also home to Apple’s largest engineering hub in Europe, and a new €1BN investment in our European Silicon Design Center in Munich. We look forward to discussing our approach with the FCO and having an open dialogue about any of their concerns.”

Once issued by the FCO, a ‘paramount significance’ finding lasts for five years — while any legal challenges to orders made under Section 19a are intentionally expedited, with appeals going direct to Germany’s Federal Court of Justice (which is given exclusive competence). The goal being to avoid long drawn out litigations, as has occurred in the FCO’s case against Facebook’s superprofiling — which had legal questions referred to the CJEU back in March, some five years after the Bundeskartellamt began looking into Facebook’s data practices.

The coming months and years could be highly significant to how GAFA is able to operate in Europe’s largest economy — and, likely by extension, further afield in Europe and beyond as a number of jurisdictions are now paying active attention to how to regulate Big Tech.

Back in March, for example, the UK’s Competition and Markets Authority opened its own probe into Apple’s App Store. Simultaneously it’s working on reforming national law to create a ‘pro-competition’ for regulating tech giants.

While, last December, European Union lawmakers proposed the Digital Markets Act — also aiming to tackle the power market of so-called ‘gatekeeper’ platforms.

The FTC appointing Lina Khan as chair also appears to signify a change of direction on tech antitrust over in the US.

Perspectives on tackling Big Tech’s market power

The need for markets-focused competition watchdogs and consumer-centric privacy regulators to think outside their respective ‘legal silos’ and find creative ways to work together to tackle the challenge of big tech market power was the impetus for a couple of fascinating panel discussions organized by the Centre for Economic Policy Research (CEPR), which were livestreamed yesterday but are available to view on-demand here.

The conversations brought together key regulatory leaders from Europe and the US — giving a glimpse of what the future shape of digital markets oversight might look like at a time when fresh blood has just been injected to chair the FTC so regulatory change is very much in the air (at least around tech antitrust).

CEPR’s discussion premise is that integration, not merely intersection, of competition and privacy/data protection law is needed to get a proper handle on platform giants that have, in many cases, leveraged their market power to force consumers to accept an abusive ‘fee’ of ongoing surveillance.

That fee both strips consumers of their privacy and helps tech giants perpetuate market dominance by locking out interesting new competition (which can’t get the same access to people’s data so operates at a baked in disadvantage).

A running theme in Europe for a number of years now, since a 2018 flagship update to the bloc’s data protection framework (GDPR), has been the ongoing under-enforcement around the EU’s ‘on-paper’ privacy rights — which, in certain markets, means regional competition authorities are now actively grappling with exactly how and where the issue of ‘data abuse’ fits into their antitrust legal frameworks.

The regulators assembled for CEPR’s discussion included, from the UK, the Competition and Markets Authority’s CEO Andrea Coscelli and the information commissioner, Elizabeth Denham; from Germany, the FCO’s Andreas Mundt; from France, Henri Piffaut, VP of the French competition authority; and from the EU, the European Data Protection Supervisor himself, Wojciech Wiewiórowski, who advises the EU’s executive body on data protection legislation (and is the watchdog for EU institutions’ own data use).

The UK’s CMA now sits outside the EU, of course — giving the national authority a higher profile role in global mergers & acquisition decisions (vs pre-brexit), and the chance to help shape key standards in the digital sphere via the investigations and procedures it chooses to pursue (and it has been moving very quickly on that front).

The CMA has a number of major antitrust probes open into tech giants — including looking into complaints against Apple’s App Store and others targeting Google’s plan to depreciate support for third party tracking cookies (aka the so-called ‘Privacy Sandbox’) — the latter being an investigation where the CMA has actively engaged the UK’s privacy watchdog (the ICO) to work with it.

Only last week the competition watchdog said it was minded to accept a set of legally binding commitments that Google has offered which could see a quasi ‘co-design’ process taking place, between the CMA, the ICO and Google, over the shape of the key technology infrastructure that ultimately replaces tracking cookies. So a pretty major development.

Germany’s FCO has also been very active against big tech this year — making full use of an update to the national competition law which gives it the power to take proactive inventions around large digital platforms with major competitive significance — with open procedures now against Amazon, Facebook and Google.

The Bundeskartellamt was already a pioneer in pushing to loop EU data protection rules into competition enforcement in digital markets in a strategic case against Facebook, as we’ve reported before. That closely watched (and long running) case — which targets Facebook’s ‘superprofiling’ of users, based on its ability to combine user data from multiple sources to flesh out a single high dimension per-user profile — is now headed to Europe’s top court (so likely has more years to run).

But during yesterday’s discussion Mundt confirmed that the FCO’s experience litigating that case helped shape key amendments to the national law that’s given him beefier powers to tackle big tech. (And he suggested it’ll be a lot easier to regulate tech giants going forward, using these new national powers.)

“Once we have designated a company to be of ‘paramount significance’ we can prohibit certain conduct much more easily than we could in the past,” he said. “We can prohibit, for example, that a company impedes other undertaking by data processing that is relevant for competition. We can prohibit that a use of service depends on the agreement to data collection with no choice — this is the Facebook case, indeed… When this law was negotiated in parliament parliament very much referred to the Facebook case and in a certain sense this entwinement of competition law and data protection law is written in a theory of harm in the German competition law.

“This makes a lot of sense. If we talk about dominance and if we assess that this dominance has come into place because of data collection and data possession and data processing you need a parameter in how far a company is allowed to gather the data to process it.”

“The past is also the future because this Facebook case… has always been a big case. And now it is up to the European Court of Justice to say something on that,” he added. “If everything works well we might get a very clear ruling saying… as far as the ECN [European Competition Network] is concerned how far we can integrate GDPR in assessing competition matters.

“So Facebook has always been a big case — it might get even bigger in a certain sense.”

France’s competition authority and its national privacy regulator (the CNIL), meanwhile, have also been joint working in recent years.

Including over a competition complaint against Apple’s pro-user privacy App Tracking Transparency feature (which last month the antitrust watchdog declined to block) — so there’s evidence there too of respective oversight bodies seeking to bridge legal silos in order to crack the code of how to effectively regulate tech giants whose market power, panellists agreed, is predicated on earlier failures of competition law enforcement that allowed tech platforms to buy up rivals and sew up access to user data, entrenching advantage at the expense of user privacy and locking out the possibility of future competitive challenge.

The contention is that monopoly power predicated upon data access also locks consumers into an abusive relationship with platform giants which can then, in the case of ad giants like Google and Facebook, extract huge costs (paid not in monetary fees but in user privacy) for continued access to services that have also become digital staples — amping up the ‘winner takes all’ characteristic seen in digital markets (which is obviously bad for competition too).

Yet, traditionally at least, Europe’s competition authorities and data protection regulators have been focused on separate workstreams.

The consensus from the CEPR panels was very much that that is both changing and must change if civil society is to get a grip on digital markets — and wrest control back from tech giants to that ensure consumers and competitors aren’t both left trampled into the dust by data-mining giants.

Denham said her motivation to dial up collaboration with other digital regulators was the UK government entertaining the idea of creating a one-stop-shop ‘Internet’ super regulator. “What scared the hell out of me was the policymakers the legislators floating the idea of one regulator for the Internet. I mean what does that mean?” she said. “So I think what the regulators did is we got to work, we got busy, we become creative, got our of our silos to try to tackle these companies — the likes of which we have never seen before.

“And I really think what we have done in the UK — and I’m excited if others think it will work in their jurisdictions — but I think that what really pushed us is that we needed to show policymakers and the public that we had our act together. I think consumers and citizens don’t really care if the solution they’re looking for comes from the CMA, the ICO, Ofcom… they just want somebody to have their back when it comes to protection of privacy and protection of markets.

“We’re trying to use our regulatory levers in the most creative way possible to make the digital markets work and protect fundamental rights.”

During the earlier panel, the CMA’s Simeon Thornton, a director at the authority, made some interesting remarks vis-a-vis its (ongoing) Google ‘Privacy Sandbox’ investigation — and the joint working it’s doing with the ICO on that case — asserting that “data protection and respecting users’ rights to privacy are very much at the heart of the commitments upon which we are currently consulting”.

“If we accept the commitments Google will be required to develop the proposals according to a number of criteria including impacts on privacy outcomes and compliance with data protection principles, and impacts on user experience and user control over the use of their personal data — alongside the overriding objective of the commitments which is to address our competition concerns,” he went on, adding: “We have worked closely with the ICO in seeking to understand the proposals and if we do accept the commitments then we will continue to work closely with the ICO in influencing the future development of those proposals.”

“If we accept the commitments that’s not the end of the CMA’s work — on the contrary that’s when, in many respects, the real work begins. Under the commitments the CMA will be closely involved in the development, implementation and monitoring of the proposals, including through the design of trials for example. It’s a substantial investment from the CMA and we will be dedicating the right people — including data scientists, for example, to the job,” he added. “The commitments ensure that Google addresses any concerns that the CMA has. And if outstanding concerns cannot be resolved with Google they explicitly provide for the CMA to reopen the case and — if necessary — impose any interim measures necessary to avoid harm to competition.

“So there’s no doubt this is a big undertaking. And it’s going to be challenging for the CMA, I’m sure of that. But personally I think this is the sort of approach that is required if we are really to tackle the sort of concerns we’re seeing in digital markets today.”

Thornton also said: “I think as regulators we do need to step up. We need to get involved before the harm materializes — rather than waiting after the event to stop it from materializing, rather than waiting until that harm is irrevocable… I think it’s a big move and it’s a challenging one but personally I think it’s a sign of the future direction of travel in a number of these sorts of cases.”

Also speaking during the regulatory panel session was FTC commissioner Rebecca Slaughter — a dissenter on the $5BN fine it hit Facebook with back in 2019 for violating an earlier consent order (as she argued the settlement provided no deterrent to address underlying privacy abuse, leaving Facebook free to continue exploiting users’ data) — as well as Chris D’Angelo, the chief deputy AG of the New York Attorney General, which is leading a major states antitrust case against Facebook.

Slaughter pointed out that the FTC already combines a consumer focus with attention on competition but said that historically there has been separation of divisions and investigations — and she agreed on the need for more joined-up working.

She also advocated for US regulators to get out of a pattern of ineffective enforcement in digital markets on issues like privacy and competition where companies have, historically, been given — at best — what amounts to wrist slaps that don’t address root causes of market abuse, perpetuating both consumer abuse and market failure. And be prepared to litigate more.

As regulators toughen up their stipulations they will need to be prepared for tech giants to push back — and therefore be prepared to sue instead of accepting a weak settlement.

“That is what is most galling to me that even where we take action, in our best faith good public servants working hard to take action, we keep coming back to the same questions, again and again,” she said. “Which means that the actions we are taking isn’t working. We need different action to keep us from having the same conversation again and again.”

Slaughter also argued that it’s important for regulators not to pile all the burden of avoiding data abuses on consumers themselves.

“I want to sound a note of caution around approaches that are centered around user control,” she said. “I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how it’s being used, make decisions… I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.

“So I really worry about a framework that is built at all around the idea of control as the central tenant or the way we solve the problem. I’ll keep coming back to the notion of what instead we need to be focusing on is where is the burden on the firms to limit their collection in the first instance, prohibit their sharing, prohibit abusive use of data and I think that that’s where we need to be focused from a policy perspective.

“I think there will be ongoing debates about privacy legislation in the US and while I’m actually a very strong advocate for a better federal framework with more tools that facilitate aggressive enforcement but I think if we had done it ten years ago we probably would have ended up with a notice and consent privacy law and I think that that would have not been a great outcome for consumers at the end of the day. So I think the debate and discussion has evolved in an important way. I also think we don’t have to wait for Congress to act.”

As regards more radical solutions to the problem of market-denting tech giants — such as breaking up sprawling and (self-servingly) interlocking services empires — the message from Europe’s most ‘digitally switched on’ regulators seemed to be don’t look to us for that; we are going to have to stay in our lanes.

So tl;dr — if antitrust and privacy regulators’ joint working just sums to more intelligent fiddling round the edges of digital market failure, and it’s break-ups of US tech giants that’s what’s really needed to reboot digital markets, then it’s going to be up to US agencies to wield the hammers. (Or, as Coscelli elegantly phrased it: “It’s probably more realistic for the US agencies to be in the lead in terms of structural separation if and when it’s appropriate — rather than an agency like ours [working from inside a mid-sized economy such as the UK’s].”)

The lack of any representative from the European Commission on the panel was an interesting omission in that regard — perhaps hinting at ongoing ‘structural separation’ between DG Comp and DG Justice where digital policymaking streams are concerned.

The current competition chief, Margrethe Vestager — who also heads up digital strategy for the bloc, as an EVP — has repeatedly expressed reluctance to impose radical ‘break up’ remedies on tech giants. She also recently preferred to waive through another Google digital merger (its acquisition of fitness wearable Fitbit) — agreeing to accept a number of ‘concessions’ and ignoring major mobilization by civil society (and indeed EU data protection agencies) urging her to block it.

Yet in an earlier CEPR discussion session, another panellist — Yale University’s Dina Srinivasan — pointed to the challenges of trying to regulate the behavior of companies when there are clear conflicts of interest, unless and until you impose structural separation as she said has been necessary in other markets (like financial services).

“In advertising we have an electronically traded market with exchanges and we have brokers on both sides. In a competitive market — when competition was working — you saw that those brokers were acting in the best interest of buyers and sellers. And as part of carrying out that function they were sort of protecting the data that belonged to buyers and sellers in that market, and not playing with the data in other ways — not trading on it, not doing conduct similar to insider trading or even front running,” she said, giving an example of how that changed as Google gained market power.

“So Google acquired DoubleClick, made promises to continue operating in that manner, the promises were not binding and on the record — the enforcement agencies or the agencies that cleared the merger didn’t make Google promise that they would abide by that moving forward and so as Google gained market power in that market there’s no regulatory requirement to continue to act in the best interests of your clients, so now it becomes a market power issue, and after they gain enough market power they can flip data ownership and say ‘okay, you know what before you owned this data and we weren’t allowed to do anything with it but now we’re going to use that data to for example sell our own advertising on exchanges’.

“But what we know from other markets — and from financial markets — is when you flip data ownership and you engage in conduct like that that allows the firm to now build market power in yet another market.”

The CMA’s Coscelli picked up on Srinivasan’s point — saying it was a “powerful” one, and that the challenges of policing “very complicated” situations involving conflicts of interests is something that regulators with merger control powers should be bearing in mind as they consider whether or not to green light tech acquisitions.

(Just one example of a merger in the digital space that the CMA is still scrutizing is Facebook’s acquisition of animated GIF platform Giphy. And it’s interesting to speculate whether, had brexit happened a little faster, the CMA might have stepped in to block Google’s Fitibit merger where the EU wouldn’t.)

Coscelli also flagged the issue of regulatory under-enforcement in digital markets as a key one, saying: “One of the reasons we are today where we are is partially historic under-enforcement by competition authorities on merger control — and that’s a theme that is extremely interesting and relevant to us because after the exit from the EU we now have a bigger role in merger control on global mergers. So it’s very important to us that we take the right decisions going forward.”

“Quite often we intervene in areas where there is under-enforcement by regulators in specific areas… If you think about it when you design systems where you have vertical regulators in specific sectors and horizontal regulators like us or the ICO we are more successful if the vertical regulators do their job and I’m sure they are more success if we do our job properly.

“I think we systematically underestimate… the ability of companies to work through whatever behavior or commitments or arrangement are offered to us, so I think these are very important points,” he added, signalling that a higher degree of attention is likely to be applied to tech mergers in Europe as a result of the CMA stepping out from the EU’s competition regulation umbrella.

Also speaking during the same panel, the EDPS warned that across Europe more broadly — i.e. beyond the small but engaged gathering of regulators brought together by CEPR — data protection and competition regulators are far from where they need to be on joint working, implying that the challenge of effectively regulating big tech across the EU is still a pretty Sisyphean one.

It’s true that the Commission is not sitting on hands in the face of tech giant market power.

At the end of last year it proposed a regime of ex ante regulations for so-called ‘gatekeeper’ platforms, under the Digital Markets Act. But the problem of how to effectively enforce pan-EU laws — when the various agencies involved in oversight are typically decentralized across Member States — is one key complication for the bloc. (The Commission’s answer with the DMA was to suggest putting itself in charge of overseeing gatekeepers but it remains to be seen what enforcement structure EU institutions will agree on.)

Clearly, the need for careful and coordinated joint working across multiple agencies with different legal competencies — if, indeed, that’s really what’s needed to properly address captured digital markets vs structural separation of Google’s search and adtech, for example, and Facebook’s various social products — steps up the EU’s regulatory challenge in digital markets.

“We can say that no effective competition nor protection of the rights in the digital economy can be ensured when the different regulators do not talk to each other and understand each other,” Wiewiórowski warned. “While we are still thinking about the cooperation it looks a little bit like everybody is afraid they will have to trade a little bit of its own possibility to assess.”

“If you think about the classical regulators isn’t it true that at some point we are reaching this border where we know how to work, we know how to behave, we need a little bit of help and a little bit of understanding of the other regulator’s work… What is interesting for me is there is — at the same time — the discussion about splitting of the task of the American regulators joining the ones on the European side. But even the statements of some of the commissioners in the European Union saying about the bigger role the Commission will play in the data protection and solving the enforcement problems of the GDPR show there is no clear understanding what are the differences between these fields.”

One thing is clear: Big tech’s dominance of digital markets won’t be unpicked overnight. But, on both sides of the Atlantic, there are now a bunch of theories on how to do it — and growing appetite to wade in.

A Senate proposal for a new US agency to protect Americans’ data is back

Democratic Senator Kirsten Gillibrand has revived a bill that would establish a new U.S. federal agency to shield Americans from the invasive practices of tech companies operating in their own backyard.

Last year, Gillibrand (D-NY) introduced the Data Protection Act, a legislative proposal that would create an independent agency designed to address modern concerns around privacy and tech that existing government regulators have proven ill-equipped to handle.

“The U.S. needs a new approach to privacy and data protection and it’s Congress’ duty to step forward and seek answers that will give Americans meaningful protection from private companies that value profits over people,” Sen. Gillibrand said.

The revamped bill, which retains its core promise of a new “Data Protection Agency,” is co-sponsored by Ohio Democrat Sherrod Brown and returns to the new Democratic Senate with a few modifications.

In the spirit of all of the tech antitrust regulation chatter going on right now, the 2021 version of the bill would also empower the Data Protection Agency to review any major tech merger involving a data aggregator or other deals that would see the user data of 50,000 people change hands.

Other additions to the bill would establish an office of civil rights to “advance data justice” and allow the agency to evaluate and penalize high-risk data practices, like the use of algorithms, biometric data and harvesting data from children and other vulnerable groups.

Gillibrand calls the notion of updating regulation to address modern tech concerns “critical” — and she’s not alone. Democrats and Republicans seldom find common ground in 2021, but a raft of new bipartisan antitrust bills show that Congress has at last grasped how important it is to rein in tech’s most powerful companies lest they lose the opportunity altogether.

The Data Protection Act lacks the bipartisan sponsorship enjoyed by the set of new House tech bills, but with interest in taking on big tech at an all-time high, it could attract more support. Of all of the bills targeting the tech industry in the works right now, this one isn’t likely to go anywhere without more bipartisan interest, but that doesn’t mean its ideas aren’t worth considering.

Like some other proposals wending their way through Congress, this bill recognizes that the FTC has failed to meaningfully punish big tech companies for their bad behavior. In Gillibrand’s vision, the Data Protection Agency could rise to modern regulatory challenges where the FTC has failed. In other proposals, the FTC would be bolstered with new enforcement powers or infused with cash that could help the agency’s bite match its bark.

It’s possible that modernizing the tools that federal agencies have at hand won’t be sufficient. Cutting back more than a decade of overgrowth from tech’s data giants won’t be easy, particularly because the stockpile of Americans’ data that made those companies so wealthy is already out in the wild.

A new agency dedicated to wresting control of that data from powerful tech companies could bridge the gap between Europe’s own robust data protections and the absence of federal regulation we’ve seen in the U.S. But until something does, Silicon Valley’s data hoarders will eagerly fill the power vacuum themselves.

Dear Sophie: Is it possible to expand our startup in the US?

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie,

My co-founders and I launched a software startup in Iran a few years ago, and I’m happy to say it’s now thriving. We’d like to expand our company in California.

Now that President Joe Biden has eliminated the Muslim ban, is it possible to do that? Is the pandemic still standing in the way? Do you have any suggestions?

— Talented in Tehran

Dear Talented,

Yes, it’s possible! Unfortunately, yes, the COVID-19 pandemic is still making the immigration process a bit challenging, but remember, where there’s a will, there’s most often, in immigration law, a way.

On his first day in office in January, Biden rescinded the ban on visas for many majority-Muslim countries, including Iran. The ban had been in place since 2017 and nearly 42,000 visa applications were denied, according to the U.S. Department of State.

Biden also allowed the bans on the issuance of H-1B, L-1, and J-1 visas and green cards at U.S. embassies and consulates that the previous administration put in place last year to lapse.

That means international startup founders like you and other international talent living outside the United States can start thinking about obtaining these visas and green cards without necessarily requiring exceptions to do so. In a recent podcast episode, I talked about these and other immigration-related changes, as well as those promised by the Biden administration. Take a listen to find out more!

As you probably know, most travelers from Iran are currently not allowed entry into the U.S. because of the COVID-19 travel ban, and most U.S. embassies and consulates are not open for routine visa and green card application processing. Because the United States has not had an embassy or consulate in Iran since the Iran hostage crisis of 1979, you and your co-founders should find out which U.S. embassies or consulates are currently processing routine visa and green card applications — and are in countries that are not on the suspended entry list — and apply there. We’re still waiting for detailed information from the State Department on the equivalent of reparations for individuals who were affected by the Muslim ban.

In addition, I recommend that you consult with an experienced immigration attorney who can help you devise an immigration strategy for yourself, your co-founders and your families based on your personal and professional goals. Now, here are a few options for you to consider.

L-1A visa to open a U.S. office for your startup

Biden admin will share more info with online platforms on ‘front lines’ of domestic terror fight

The Biden administration is outlining new plans to combat domestic terrorism in light of the January 6 attack on the U.S. Capitol and social media companies have their own part to play.

The White House released a new national strategy on countering domestic terrorism Tuesday. The plan acknowledges the key role that online platforms play in bringing violent ideas into the mainstream, going as far as calling social media sites the “front lines” of the war on domestic terrorism.

“The widespread availability of domestic terrorist recruitment material online is a national security threat whose front lines are overwhelmingly private–sector online platforms, and we are committed to informing more effectively the escalating efforts by those platforms to secure those front lines,” the White House plan states.

The Biden administration committed to more information sharing with the tech sector to fight the tide of online extremism, part of a push to intervene well before extremists can organize violence. According to a fact sheet on the new domestic terror plan, the U.S. government will prioritize “increased information sharing with the technology sector,” specifically online platforms where extremism is incubated and organized.

“Continuing to enhance the domestic terrorism–related information offered to the private sector, especially the technology sector, will facilitate more robust efforts outside the government to counter terrorists’ abuse of Internet–based communications platforms to recruit others to engage in violence,” the White House plan states.

In remarks timed with the release of the domestic terror strategy, Attorney General Merrick Garland asserted that coordinating with the tech sector is “particularly important” for interrupting extremists who organize and recruit on online platforms and emphasized plans to share enhanced information on potential domestic terror threats.

In spite of the new initiatives, the Biden administration admits that that domestic terrorism recruitment material will inevitably remain available online, particularly on platforms that don’t prioritize its removal — like most social media platforms, prior to January 2021 — and on end-to-end encrypted apps, many of which saw an influx of users when social media companies cracked down on extremism in the U.S. earlier this year.

“Dealing with the supply is therefore necessary but not sufficient: we must address the demand too,” the White House plan states. “Today’s digital age requires an American population that can utilize essential aspects of Internet–based communications platforms while avoiding vulnerability to domestic terrorist recruitment and other harmful content.”

The Biden administration will also address vulnerability to online extremism through digital literacy programs, including “educational materials” and “skills–enhancing online games” designed to inoculate Americans against domestic extremism recruitment efforts, and presumably disinformation and misinformation more broadly.

The plan stops short of naming domestic terror elements like QAnon and the “Stop the Steal” movement specifically, though it acknowledges the range of ways domestic terror can manifest, from small informal groups to organized militias.

A report from the Office of the Director of National Intelligence in March observed the elevated threat to the U.S. that domestic terrorism poses in 2021, noting that domestic extremists leverage mainstream social media sites to recruit new members, organize in-person events and share materials that can lead to violence.

Tech antitrust crusader Lina Khan is confirmed as FTC commissioner

The Senate confirmed big tech critic and prominent antitrust scholar Lina Khan as FTC Commissioner Tuesday, signaling a new era of scrutiny for the tech industry. Khan was confirmed in a 69-28 vote, with Republicans joining Democrats in a rare show of bipartisan support for Khan’s ideas on reining in tech’s most powerful companies.

An associate law professor at Columbia, Khan’s star rose with the publication of a landmark paper examining how the government’s outdated ways of identifying monopolies have failed to keep up with modern business realities, particularly in tech. In Khan’s view, that regulatory failure has allowed the biggest tech companies to consolidate unprecedented wealth and power, in turn making it even more difficult to regulate them.

President Biden nominated Khan back in March, sending an early message that Biden would not extend the warm relationship big tech companies enjoyed with the White House under former President Obama.

Khan’s confirmation is a sign that the agency will be prioritizing tech antitrust concerns, a priority that will run parallel to Congressional efforts to bolster the FTC’s enforcement powers. The FTC famously imposed a $5 billion fine on Facebook for privacy violations in 2019, but the record-setting fine was only a glancing blow for a company already worth more than $500 billion.

Last week, Congress revealed a long-anticipated package of bipartisan bills that, if passed, would overhaul tech’s biggest businesses and redraw the industry’s rules for years to come.

A previous bill proposed by Sen. Amy Klobuchar would set aside a pool of money that the FTC could use to create a new division for market and merger research, one step toward modernizing antitrust enforcement to keep up with relentless growth from tech’s most powerful giants.

Europe’s tech leaders define a strategy to create tech giants

A group of 200 startup founders, investors, associations and government members are backing a manifesto and a set of recommendations in order to create the next wave of tech giants in Europe. Today, French President Emmanuel Macron is hosting an event in Paris with some of the members of this group called Scale-Up Europe.

Companies, investors and associations that signed the manifesto include Alan, Axel Springer, Bpifrance, Darktrace, Deutsche Startups, Doctolib, Eurazeo, Flixbus, France Digitale, Glovo, La French Tech, N26, OVHcloud, Shift Technology, Stripe, UiPath and Wise.

“To achieve all that, I’ll follow your ambition — 10 technology companies that are worth €100 billion or more by 2030,” Macron said.

That’s an ambitious goal — that’s why Scale-Up Europe has laid out a roadmap and is issuing a report. While it is backed by both private actors and public institutions, it could be considered as a sort of lobbying effort for the European Commission and European governments.

There are a handful of key topics in those recommendations. And it starts with funding. In particular, the group thinks Europe is still lagging behind when it comes to late-stage investments. The biggest VC funds aren’t as big as the biggest VC funds in the U.S. or in China.

The French government has been working on a way to foster late-stage funds and investments in public tech companies in France. “On funding, we’ve seen the success of the Tibi initiative at the French level. We think we should follow that model at the European level,” a source close to Macron told me.

It means that Europe should consider using public funding as a multiplier effect for VC funds. The European Investment Fund is already pouring a lot of money in VC funds. But Scale-Up Europe recommends associating private funds of funds, sharing risk and pooling public investment banks for increased collaboration.

The second topic is foreign talent. Some countries already have a tech worker visa. The group thinks it should be standardized across the European Union with some level of portability for social rights.

A couple of years ago, an open letter called “Not Optional” also highlighted some discrepancies with stock option schemes. Today’s report states once again that some governments should adopt more favorable rules with stock options.

The third topic revolves around deep tech startups. According to the report, Europe isn’t doing enough to foster more deep tech startups and investors. Recommendations include standardizing patent transfer frameworks. Those schemes are important if you want to turn a research project into a company. It also says that the European Innovation Council could also take on a larger role in defining a deep tech roadmap.

Scale-Up Europe then highlights some recommendations to improve relationships between big corporations and startups. These are mostly tax breaks, R&D tax benefits and other fiscal incentives. (I’m personally not convinced there will be more European tech giants if we incentivize acquisitions with tax breaks.)

Finally, the group of investors, founders and government members behind Scale-Up Europe think there should be a European tech mission that works a bit like La French Tech in France. This tech mission could clear regulatory hurdles, promote startups and more.

Overall, those recommendations are mostly focused on making it easier to create — and grow — a startup in Europe. Investors as well as startup employees who hold stock options will be quite pleased to see that it’ll be easier to make money quickly. It’ll be interesting to see whether the European Commission reuses some of these recommendations.

To be fair, those are actionable recommendations. And yet, building a tech giant is a complicated task. Tech giants tend to control a large chunk of their tech stack, including in areas such as cloud hosting, payments, analytics, advertising and artificial intelligence.

Many European startups are currently built on APIs, frameworks and platforms that are built in the U.S. or in China. Scale-Up Europe misses the point on this front. Scaling European startups isn’t a gold rush. It’s a long process that requires continuous investments that start from the bottom of the tech stack and moves upward.

UK’s CMA opens market study into Apple, Google’s mobile “duopoly”

The UK’s competition watchdog will take a deep dive look into Apple and Google’s dominance of the mobile ecosystem, it said today — announcing a market study which will examine the pair’s respective smartphone platforms (iOS and Android); their app stores (App Store and Play Store); and web browsers (Safari and Chrome). 

The Competition and Markets Authority (CMA) is concerned that the mobile platform giants’ “effective duopoly” in those areas  might be harming consumers, it added.

The study will be wide ranging, with the watchdog concerns about the nested gateways that are created as a result of the pair’s dominance of mobile ecosystem — intermediating how consumers can access a variety of products, content and services (such as music, TV and video streaming; fitness tracking, shopping and banking, to cite some of the examples provided by the CMA).

“These products also include other technology and devices such as smart speakers, smart watches, home security and lighting (which mobiles can connect to and control),” it went on, adding that it’s looking into whether their dominance of these pipes is “stifling competition across a range of digital markets”, saying too that it’s “concerned this could lead to reduced innovation across the sector and consumers paying higher prices for devices and apps, or for other goods and services due to higher advertising prices”.

The CMA further confirmed the deep dive will examine “any effects” of the pair’s market power over other businesses — giving the example of app developers who rely on Apple or Google to market their products to customers via their smart devices.

The watchdog already has an open investigation into Apple’s App Store, following a number of antitrust complaints by developers.

It is investigating Google’s planned depreciation of third party tracking cookies too, after complaints by adtech companies and publishers that the move could harm competition. (And just last week the CMA said it was minded to accept a series of concessions offered by Google that would enable the regulator to stop it turning off support for cookies entirely if it believes the move will harm competition.)

The CMA said both those existing investigations are examining issues that fall within the scope of the new mobile ecosystem market study but that its work on the latter will be “much broader”.

It added that it will adopt a joined-up approach across all related cases — “to ensure the best outcomes for consumers and other businesses”.

It’s giving itself a full year to examine Gapple’s mobile ecosystems.

It is also soliciting feedback on any of the issues raised in its statement of scope — calling for responses by 26 July. The CMA added that it’s also keen to hear from app developers, via its questionnaire, by the same date.

Taking on tech giants

The watchdog has previously scrutinized the digital advertising market — and found plenty to be concerned about vis-a-vis Google’s dominance there.

That earlier market study has been feeding the UK government’s plan to reform competition rules to take account of the market-deforming power of digital giants. And the CMA suggested the new market study, examining ‘Gapple’s’ mobile muscle, could similarly help shape UK-wide competition law reforms.

Last year the UK announced its plan to set up a “pro-competition” regime for regulating Internet platforms — including by establishing a dedicated Digital Markets Unit within the CMA (which got going earlier this year).

The legislation for the reform has not yet been put before parliament but the government has said it wants the competition regulator to be able to “proactively shape platforms’ behavior” to avoid harmful behavior before it happens” — saying too that it supports enabling ex ante interventions once a platform has been identified to have so-called “strategic market status”.

Germany already adopted similar reforms to its competition law (early this year), which enable proactive interventions to tackle large digital platforms with what is described as “paramount significance for competition across markets”. And its Federal Cartel Office has, in recent months, wasted no time in opening a number of proceedings to determine whether Amazon, Google and Facebook have such a status.

The CMA also sounds keen to get going to tackle Internet gatekeepers.

Commenting in a statement, CEO Andrea Coscelli said:

“Apple and Google control the major gateways through which people download apps or browse the web on their mobiles – whether they want to shop, play games, stream music or watch TV. We’re looking into whether this could be creating problems for consumers and the businesses that want to reach people through their phones.

“Our ongoing work into big tech has already uncovered some worrying trends and we know consumers and businesses could be harmed if they go unchecked. That’s why we’re pressing on with launching this study now, while we are setting up the new Digital Markets Unit, so we can hit the ground running by using the results of this work to shape future plans.”

The European Union also unveiled its own proposals for clipping the wings of big tech last year — presenting its Digital Markets Act plan in December which will apply a single set of operational rules to so-called “gatekeeper” platforms operating across the EU.

The clear trend in Europe on digital competition is toward increasing oversight and regulation of the largest platforms — in the hopes that antitrust authorities can impose measures that will help smaller players thrive.

Critics might say that’s just playing into the tech giants’ hands, though — because it’s fiddling around the edges when more radical intervention (break ups) are what’s really needed to reboot captured markets.

Apple and Google were contacted for comment on the CMA’s market study.

A Google spokesperson said: “Android provides people with more choice than any other mobile platform in deciding which apps they use, and enables thousands of developers and manufacturers to build successful businesses. We welcome the CMA’s efforts to understand the details and differences between platforms before designing new rules.”

According to Google, the Android App Economy generated £2.8BN in revenue for UK developers last year, which it claims supported 240,000 jobs across the country — citing a Public First report that it commissioned.

The tech giant also pointed to operational changes it has already made in Europe, following antitrust interventions by the European Commission — such as adding a choice screen to Android where users can pick from a list of alternative search engines.

Earlier this month it agreed to shift the format underlying that choice screen from an unpopular auction model to free participation.

The US should welcome refugees on humanitarian terms, not just economic ones

In December 1991, about 20 days before the Soviet Union formally disintegrated, my family landed in San Francisco as religious refugees fleeing persecution. I was a 9-year-old kid who had just experienced his first airplane trip and was utterly mesmerized by the skyscrapers of the city’s skyline as we drove past. It felt like arriving into the future.

My parents had almost nothing to their names. No degrees or specialized skills. Not a word of English. Only a few hundred dollars in cash from selling most of our possessions in Russia. They had just learned that half of our “luggage” — makeshift bags that were hand-sewn by my mother out of used floor rugs — was lost in transit.

Our journey wasn’t made possible by some employer seeking specialized labor, nor by a merit assessment that deemed our family as economically valuable immigrants. Instead, it was made possible by many Americans seeing inherent value in human beings seeking a better life. From people who wrote letters to Congress to increase refugee quotas, to sponsoring families who shared their homes and paychecks and lives to support arriving families, to organizations like World Relief, which funded unsecured loans to pay for airline tickets for those who couldn’t afford them — all did their part with no expectation of economic gain.

I worry that outlier success stories — especially those that are filled with considerable luck and privilege like mine — can send the wrong message.

Integration into life in the United States wasn’t easy. Our family had to rely on welfare for several years as our parents learned English in night classes and attempted many different ways to make a living for our family of eight. Not being able to find a full-time job, my father tried every mail-order contract gig he could learn about — from cutting out thousands of leather pieces for shoes to soldering electronic boards to order to translation of documents from English to Russian. Eventually, he started his own business repairing and maintaining computers.

In every moment, I saw my parents seeking to pay back what others had selflessly done for us. They taught me there’s dignity to doing good work, even if it’s work that others don’t find glamorous. Even a decade later, our family was still barely scraping by financially. As I was applying to colleges as a senior in high school, our entire family would pack up our minivan on most evenings after dinner to clean dental clinics to make ends meet.

This is the point in my tale where it might make the most sense to insert my own story of living out a wildly unbelievable version of the American dream — especially for a refugee.

I could tell you how after college I co-founded Webflow, a no-code software development company that employs nearly 300 people and is now valued at over $2 billion. And how stories like mine are the reason why we should open our doors to more refugees to come to the United States.

However, I worry that outlier success stories — especially those that are filled with considerable luck and privilege like mine — can send the wrong message. These tales can imply that the value and worth of immigrants and refugees are primarily economic. I worry that especially now, at a time when immigration has become a politically polarizing issue in this country, the conversation about the value of immigrants will continue shifting toward being purely merit-based.

Too often, if “merit” is the criterion, human beings are seen as worthy of joining our country if and only if they’re the “best of the best” or the “cream of the crop” in some skill or industry. In such cases, people are judged solely by how much economic value they can create in the short term.

Yes, merit-based immigration has an important place in our economy to solve shorter-term skill gaps in various industries. But if we only focus on that, I believe that our nation will have lost an important part of its character and heritage. We shouldn’t reduce our efforts to offer a safe haven to people whose lives are threatened back home. Turning our backs on the most vulnerable only to focus on the most economically advantageous would betray the spirit of what I believe makes the United States a beacon of hope and opportunity for so many people.

The good news is that you can get outsized economic benefits in the longer term by accepting more refugees. I know this because for every startup founder story like mine, there are hundreds of thousands of hard-working refugees who needed some help at first but are now contributing massively to our tax base as nurses, doctors, lawyers, firefighters and business owners. In fact, refugees have the highest rate of entrepreneurship.

After experiencing hardship and oppression in their originating countries, refugees have unparalleled drive to make a better living for themselves, their families and their communities — which helps lift our entire economy.

My hope is that more people are given this kind of opportunity and that more industry leaders will start to advocate for immigration on humanitarian terms — not just economic ones. It will make our economy stronger in the end.

When given the chance to live freely without fearing for our lives, my family and so many others like us will work harder than most to contribute to society. Why? Because we feel a deep sense of gratitude to a nation that welcomed and accepted us because of, first and foremost, who we are as human beings.

Google won’t end support for tracking cookies unless UK’s competition watchdog agrees

Well this is big. The UK’s competition regulator looks set to get an emergency brake that will allow it to stop Google ending support for third party cookies, a technology that’s currently used for targeting online ads, if it believes competition would be harmed by the depreciation going ahead.

The development follows an investigation opened by the Competition and Markets Authority (CMA) into Google’s self-styled ‘Privacy Sandbox’ earlier this year.

The regulator will have the power to order a standstill of at least 60 days on any move by Google to remove support for cookies from Chrome if it accepts a set of legally binding commitments the latter has offered — and which the regulator has today issued a notification of intention to accept.

The CMA could also reopen a fuller investigation if it’s not happy with how things are looking at the point it orders any standstill to stop Google crushing tracking cookies.

It follows that the watchdog could also block Google’s wider ‘Privacy Sandbox’ technology transition entirely — if it decides the shift cannot be done in a way that doesn’t harm competition. However the CMA said today it takes the “provisional” view that the set of commitments Google has offered will address competition concerns related to its proposals.

It’s now opened a consultation to see if the industry agrees — with the feedback line open until July 8.

Commenting in a statement, Andrea Coscelli, the CMA’s chief executive, said:

“The emergence of tech giants such as Google has presented competition authorities around the world with new challenges that require a new approach.

“That’s why the CMA is taking a leading role in setting out how we can work with the most powerful tech firms to shape their behaviour and protect competition to the benefit of consumers.

“If accepted, the commitments we have obtained from Google become legally binding, promoting competition in digital markets, helping to protect the ability of online publishers to raise money through advertising and safeguarding users’ privacy.”

In a blog post sketching what it’s pledged — under three broad headlines of ‘Consultation and collaboration’; ‘No data advertising advantage for Google products’; and ‘No self-preferencing’ — Google writes that if the CMA accepts its commitments it will “apply them globally”, making the UK’s intervention potentially hugely significant.

It’s perhaps one slightly unexpected twist of Brexit that it’s put the UK in a position to be taking key decisions about the rules for global digital advertising. (The European Union is also working on new rules for how platform giants can operate but the CMA’s intervention on Privacy Sandbox does not yet have a direct equivalent in Brussels.)

That Google is choosing to offer to turn a UK competition intervention into a global commitment is itself very interesting. It may be there in part as an added sweetener — nudging the CMA to accept the offer so it can feel like a global standard setter.

At the same time, businesses do love operational certainty. So if Google can hash out a set of rules that are accepted by one (fairly) major market, because they’ve been co-designed with national oversight bodies, and then scale those rules everywhere it may create a shortcut path to avoiding any more regulator-enforced bumps in the future.

So Google may see this as a smoother path toward the sought for transition for its adtech business to a post-cookie future. Of course it also wants to avoid being ordered to stop entirely.

More broadly, engaging with the fast-paced UK regulator could be a strategy for Google to try to surf over the political deadlocks and risks which can characterize discussions on digital regulation in other markets (especially its home turf of the U.S. — where there has been a growing drumbeat of calls to break up tech giants; and where Google specifically now faces a number of antitrust investigations).

The outcome it may be hoping for is being able to point to regulator-stamped ‘compliance’ — in order that it can claim it as evidence there’s no need for its ad empire to be broken up.

Google’s offering of commitments also signifies that regulators who move fastest to tackle the power of tech giants will be the ones helping to define and set the standards and conditions that apply for web users everywhere. At least unless or until any more radical interventions rain down on big tech.

What is Privacy Sandbox?

Privacy Sandbox is a complex stack of interlocking technology proposals for replacing current ad tracking methods (which are widely seen as horrible for user privacy) with alternative infrastructure that Google claims will be better for individual privacy and also still allow the adtech and publishing industries to generate (it claims much the same) revenue by targeting ads at cohorts of web users — who will be put into ‘interest buckets’ based on what they look at online.

The full details of the proposals (which include components like FLoCs, aka Google’s proposed new ad ID based on federated learning of cohorts; and Fledge/Turtledove, Google’s suggested new ad delivery technology) have not yet been set in stone.

Nonetheless, Google announced in January 2020 that it intended to end support for third party cookies within two years — so that rather nippy timeframe has likely concentrated opposition, with pushback coming from the adtech industry and (some) publishers who are concerned it will have a major impact on their ad revenues when individual-level ad targeting goes away.

The CMA began to look into Google’s planned depreciating of tracking cookies after complaints that the transition to a new infrastructure of Google’s devising will merely increase Google’s market power — by locking down third parties’ ability to track Internet users for ad targeting while leaving Google with a high dimension view of what people get up to online as a result of its expansive access to first party data (gleaned through its dominance for consumer web services).

The executive summary of today’s CMA notice lists its concerns that, without proper regulatory oversight, Privacy Sandbox might:

  • distort competition in the market for the supply of ad inventory and in the market for the supply of ad tech services, by restricting the functionality associated with user tracking for third parties while retaining this functionality for Google;
  • distort competition by the self-preferencing of Google’s own advertising products and services and owned and operated ad inventory; and
  • allow Google to exploit its apparent dominant position by denying Chrome web users substantial choice in terms of whether and how their personal data is used for the purpose of targeting and delivering advertising to them.

At the same time, privacy concerns around the ad tracking and targeting of Internet users are undoubtedly putting pressure on Google to retool Chrome (which ofc dominates web browser marketshare) — given that other web browsers have been stepping up efforts to protect their users from online surveillance by doing stuff like blocking trackers for years.

Web users hate creepy ads — which is why they’ve been turning to ad blockers in droves. Numerous major data scandals have also increased awareness of privacy and security. And — in Europe and elsewhere — digital privacy regulations have been toughened up or introduced in recent years. So the line of ‘what’s acceptable’ for ad businesses to do online has been shifting.

But the key issue here is how privacy and competition regulation interacts — and potentially conflicts — with the very salient risk that ill-thought through and overly blunt competition interventions could essentially lock in privacy abuses of web users (as a result of a legacy of weak enforcement around online privacy, which allowed for rampant, consent-less ad tracking and targeting of Internet users to develop and thrive in the first place).

Poor privacy enforcement coupled with banhammer-wielding competition regulators does not look like a good recipe for protecting web users’ rights.

However there is cautious reason for optimism here.

Last month the CMA and the UK’s Information Commissioner’s Office (ICO) issued a joint statement in which they discussed the importance of having competition and data protection in digital markets — citing the CMA’s Google Privacy Sandbox probe as a good example of a case that requires nuanced joint working.

Or, as they put it then: “The CMA and the ICO are working collaboratively in their engagement with Google and other market participants to build a common understanding of Google’s proposals, and to ensure that both privacy and competition concerns can be addressed as the proposals are developed in more detail.”

Although the ICO’s record on enforcement against rights-trampling adtech is, well, non-existent. So its preference for regulatory inaction in the face of adtech industry lobbying should off-set any quantum of optimism derived from the bald fact of the UK’s privacy and competition regulators’ ‘joint working’.

(The CMA, by contrast, has been very active in the digital space since gaining, post-Brexit, wider powers to pursue investigations. And in recent years took a deep dive look at competition in the digital ad market, so it’s armed with plenty of knowledge. It is also in the process of configuring a new unit that will oversee a pro-competition regime which the UK explicitly wants to clip the wings of big tech.)

What has Google committed to?

The CMA writes that Google has made “substantial and wide-ranging” commitments vis-a-vis Privacy Sandbox — which it says include:

  • A commitment to develop and implement the proposals in a way that avoids distortions to competition and the imposition of unfair terms on Chrome users. This includes a commitment to involve the CMA and the ICO in the development of the Proposals to ensure this objective is met.
  • Increased transparency from Google on how and when the proposals will be taken forward and on what basis they will be assessed. This includes a commitment to publicly disclose the results of tests of the effectiveness of alternative technologies.
  • Substantial limits on how Google will use and combine individual user data for the purposes of digital advertising after the removal of third-party cookies.
  • A commitment that Google will not discriminate against its rivals in favour of its own advertising and ad-tech businesses when designing or operating the alternatives to third-party cookies.
  • A standstill period of at least 60 days before Google proceeds with the removal of third party cookies giving the CMA the opportunity, if any outstanding concerns cannot be resolved with Google, to reopen its investigation and, if necessary, impose any interim measures necessary to avoid harm to competition.

Google also writes that: “Throughout this process, we will engage the CMA and the industry in an open, constructive and continuous dialogue. This includes proactively informing both the CMA and the wider ecosystem of timelines, changes and tests during the development of the Privacy Sandbox proposals, building on our transparent approach to date.”

“We will work with the CMA to resolve concerns and develop agreed parameters for the testing of new proposals, while the CMA will be getting direct input from the ICO,” it adds.

Google’s commitments cover a number of areas directly related to competition — such as self-preferencing, non-discrimination, and stipulations that it will not combine user data from specific sources that might give it an advantage vs third parties.

However privacy is also being explicitly baked into the competition consideration, here, per the CMA — which writes that the commitments will [emphasis ours]:

Establish the criteria that must be taken into account in designing, implementing and evaluating Google’s Proposals. These include the impact of the Privacy Sandbox Proposals on: privacy outcomes and compliance with data protection principles; competition in digital advertising and in particular the risk of distortion to competition between Google and other market participants; the ability of publishers to generate revenue from ad inventory; and user experience and control over the use of their data.

An ICO spokeswoman was also keen to point out that one of the first commitments obtained from Google under the CMA’s intervention “focuses on privacy and data protection”.

In a statement, the data watchdog added:

“The commitments obtained mark a significant moment in the assessment of the Privacy Sandbox proposals. They demonstrate that consumer rights in digital markets are best protected when competition and privacy are considered together.

“As we outlined in our recent joint statement with the CMA, we believe consumers benefit when their data is used lawfully and responsibly, and digital innovation and competition are supported. We are continuing to build upon our positive and close relationship with the CMA, to ensure that consumer interests are protected as we assess the proposals.”

This development in the CMA’s investigation raises plenty of questions, large and small — most pressingly over the future of key web infrastructure and what the changes being hashed out here between Google and UK regulators might mean for Internet users everywhere.

The really big issue is whether ‘co-design’ with oversight bodies is the best way to fix the market power imbalance flowing from a single tech giant being able to combine massive dominance in consumer digital services with duopoly dominance in adtech.

Others would say that breaking up Google’s consumer tech and Google’s adtech is the only way to fix the abuse — and eveything else is just fiddling while Rome burns.

Google, for instance, is still in charge of proposing the changes itself — regardless of how much pre-implementation consultation and tweaking goes on. It’s still steering the ship and there are plenty of people who believe that’s not an acceptable governance model for the open web.

But, for now at least, the CMA wants to try to fiddle.

It should be noted that, in parallel, the UK government and CMA are speccing out a wider pro-competition regime that could result in deeper interventions into how Google and other platform giants operate in the future. So more interventions are all but guaranteed.

For now, though, Google is probably feeling pretty happy for the opportunity to work with UK regulators. If it can pull oversight bodies deep down in the detail of the changes it wants to make that’s likely a far more comfortable spot for Mountain View vs being served with an order to break its business up — something the CMA has previously taken feedback on.

Google has been contacted with questions on its Privacy Sandbox commitments.