 Hello and welcome to my talk on the regulation of the internal platforms in Europe. So, first of all, a couple of words about me. My name is Vittorio Bartola, I'm the head of policy for open exchange, which is a German open source software company, we make Davcott and Power DNS. And today I would like to introduce you to the new proposals for regulating the internal platforms that have just been presented by the European Commission. But first of all, I'd like to explain why they have been presented and so what's the analysis of the scenario which is pretty common in Brussels and among European politicians. And it's what I call the Hotel California. So, when the internet was started in its first early decades, it had success, exactly because of this model of inter operation and interconnection between networks and between services. So, the example of how the services were initially made over the internet is email. Email is an interoperable service. You can get an email address from any provider you like, and that is enough for you to communicate with any other email user of the world, independently from which applications they use which provider they use which and anyone can offer email services, all the standards are open or public, there are many free software implementations, it's actually very easy for anyone to start email services. And this is what happened and what allowed the internet to grow so quickly and it's not just about email, the web initially was made in the same way. And this is what unleashed the power of growth of the internet. But then something happened. The internet became a mass media became the object of consumer services and a lot of money started to revolve around it. And so consolidation started to happen and a few companies started to become bigger and bigger. And we ended up in very concentrated situations. So for example, after the smartphones came I mean the smartphones market is now very concentrated. You only have a choice between two operating systems, either it's Google Android or it's Apple's iOS. And even in terms of the apps there are millions of apps but in the end, the ones that use more frequently are often owned by the same company like Facebook for social media messaging apps. And the move to the cloud also has the same issue. The cloud market is quite concentrated. Actually the biggest players have well over half of the market and you see there are always the same companies and also some of the Chinese companies are now coming. So these are just a few examples but in the end now we are in a situation in which the tech companies became so big that they reached the size that was never seen in the history of mankind before. So there have been tech companies, I mean very big tech companies in the past, but it never happened that the five most valuable listed companies in the world were five tech companies. And in 2019 they went over the $1 trillion mark in market capitalization, which is amazing, but it's continuing to grow. So this was about two weeks ago and Apple was already well over the $2 trillion mark. And $2 trillion is more than any EU countries GDP except for France and Germany. So these companies are now bigger than most European countries. And this is scaring European politicians. So this is seen as a problem. For example, I mean to show how this actually affects European budgets. This is a chart showing the advertising revenues of Google from Italy in 2018. It's estimated that over 700 million euros were the revenues of Google from advertising in Italy, but then less than five million euros went back to Italy under the form of taxes. And all this money is being brought to Ireland and then from Ireland it's being brought to the global headquarters and it goes there. And so there's very little return for Europe on this. And on the other hand, what you see is that the price, the median house price for a house in San Francisco has grown by 2.5 times in seven years. So you really see all these wealths being taken away from Europe and from other parts of the world and moving into this very small part of the US being concentrated there. And this is not something that Europe can accept. It's becoming a threat to the economic stability of Europe itself. So this is what we call Hotel California, because you can check out any time you like, but you can never leave because all the services are owned by these companies and they adopt the business practices that make it very hard for you to move to something different and make it very hard for any new possible competitor to grow and actually succeeding competing with them. They adopt business practices that make this very hard and they build walled gardens that keep you locked in. And as an example of these, I mean the good example is instant messaging, especially if you compare it with email is the messaging is built around walled gardens. So you actually need to have several apps because if you want to speak to exchange messages with WhatsApp users, then you need to use WhatsApp, but then you also need to have messenger to communicate with messenger users, and then Skype for Skype users and telegram and so on. And so you have to handle a plethora of applications and accounts and this is inconvenient. But more importantly, you cannot move. So you don't really have a choice. If you want to move to a different apps, you lose your contacts and use your history. And this makes it harder for new competition to emerge because even if you can start a new instant messaging, even a best possible instant messaging, much better than the existing ones, then people won't bother trying it. And even if you convince one to try it, then there would be no other users. So they would not be able to exchange messages with anyone else because all the users are still on the other service. And so this is built in a way that forces users to stay there and basically stifles competition and innovation as well. And so once these control positions are built, we've seen from Europe more and more examples of how this is leading to things that we don't like. So we've seen the Huawei case, for example, in which Huawei was suddenly shut out of, I mean, basically using Google Android. And that's actually an example of something that happened not just because of the company, but because of the fact the company was located in a specific other country outside of Europe. There's a president at the time decided to force them to do this. And this is a risk which is unacceptable for Europe and for its companies. On the other hand, I mean, sometimes it's the company that forces you I mean, Apple is known so that if you have an app and wanted to do on the app store, then if the app sells something you must use Apple's payment system and give them 30% and you don't have a choice about this. And then there's an issue with startups with the big platforms buying out European startups before they can actually become big and continue to stay here and compete and create wealth and jobs here. There is a big concern in Europe around surveillance capitalism Europe with GDPR has been trying to stop this. But I mean, these big platforms, many of them make most of the revenues from target advertising, like Google, like Facebook, even Microsoft makes money out of being advertising like billions of dollars. And even for the non personal data, I mean that these these companies are amassing amounts of data that put them at an advantage in competing with everyone else just by I mean the fact that they can aggregate the information that they acquire by by tracking people. And so they make it hard for other people to offer the same services successfully. Then there were there were situations that have again concerned the European politicians, the NSA scandal was a big scandal in Europe as well, because it affected also Angela Merkel and other politicians. And so that's when they realized that relying on technology and services that are provided by companies before in companies outside of Europe. I mean, is a strategic list to national security. And there's a concern about the encryption now because the end when the clip from is a good thing it lacks your privacy but then it makes also very hard even for users themselves to control what's happening. And so I mean, if you couple this with the Internet or things we're building the Internet rather people's things. We are filling our homes with objects and home assets and smart TVs. These devices send back encrypted data at the time you have no idea what they are sending back or where they are sending it. And I mean it's very hard to enforce the laws because I mean the services are being provided from outside of Europe. And so we are creating a situation in which the user and even the local authorities have really no control over what's happening about the data. And the most recent cases that created concerns again were high profile situations like last year's coronavirus apps when Google and Apple basically decided for everyone for all European countries how this should be made technically but also in terms of policy. And there were some countries especially France that were really not happy about this. They want to do to do things in a different way and they, and then they, they were faced with the choice of either doing like Google wanted and Apple. Or I mean being having a hard time in making things actually work. And so this was deemed unacceptable by several of these countries, even if they had to put up with it. And finally very recently there's been the Trump bank case and Angela Merkel through her spokesperson has actually spoken about that and expressed concern because I mean no matter what you think actually what happened. The idea that a private American company can silence a ruling politician elected politician of a Western country is considered really unacceptable and scary in Europe. So what's happening about this and this is how Europe is trying to run for the door and change this situation. So there's been a lot of talk in the last couple of years in Brussels and mostly other capitals like Berlin and Paris about digital sovereignty. So that's the term of art now. This term means that different things to different people in different countries. So in Germany, it's more about the digital autonomy. It's more about having local European services and so that the data stay in Europe are measured by European companies under European law. And that there's the capacity to survive any kind of embargo or commercial problem with the US and with China. So that actually the national economy and the national technological platform can survive even international problems. For the French, it's really more about sovereignty. So about controlling the internet being able to make rules and enforce them and deciding for example issues around content and checking what's going on over the internet. So all these different things go under this term of digital sovereignty and there's a number of the questions that are being made in different terms. But this is also of course different people in countries have slightly different views, but more or less summarizing this is a longer list of what Europe expects from the big tech. So first of all pay taxes here and don't bring all the wealth somewhere else and stop tracking the citizens share the data. Don't steal startups don't kill competition so don't adopt these locking practices and exploit the dominant positions and stop spreading the fake news and especially making money out of fake news and harmful content and bad stuff that's all over the place. Don't silence people so that we won't guarantees about me free speech in real terms. And also there's the discussion around encryption and about lawful interception of encrypted communications which is also very delicate discussion that's going on. So some of these requests that will be addressed by the regulations we are going to talk about but first of all, since we are at first and I'd like to point out that open source is also part of this picture. I mean, the open source actually fits the European policy because I mean often Europeans are told I mean you should just develop your own Google. If you don't develop a Google that's because you're bad you're not good at creating companies so too bad for you. But it's really different because Europe is not a monolith it's an archipelago of countries or markets and it works really by horizontal cooperation at any level. And so this is why naturally doesn't produce guidance it produces alliances of smaller companies. And this is really the model of open source. I mean interconnection and peer to peer cooperation around the common open standards. And this is why the European policies are more and more promoting the funding open source and choosing open source at the model. And so, well open source the open source movement is putting the technology and the standards and the experience in cooperation. And Europe is putting the rules to the funding and trying to defend the rights and the opportunities for the open source movement as well. And so this is why you will see open source quoted a lot in the European press releases. So, now finally we can get to the three proposals that they wanted to talk about very quickly. I mean, the first one is the so-called digital services sector and it's the one focusing on content, accountability, advertising and moderation and so on. The digital market set is more about competition. It was originally called the new competition tool to address situations of market failures that are not really falling into traditional competition law. It's about business practices and it's about interoperability as we will see. And finally, there's the data governance act, which is really about access to public data. So now these are just proposals that the first drafts have been released by the European Commission. They're up for discussion. They will still have to go through the European Parliament. It will still take at least a couple of years for them to be approved if they ever get approved. So it's really the time to discuss them. So the digital services act is basically the old e-commerce directive. So it's restating at holding the original merc conduit principle that says that intermediaries are not responsible for the content they transmit on behalf of the users. But it's putting conditions on that now. So first of all, there's a GDPR style global rich clothes so that even non-European companies, if they do business in Europe are affected by these rules. And there are additional requirements for the online platforms which are platforms that disseminate user provided content or sell user provided goods. And these platforms are required to provide the course mechanisms against their decisions to identify their business customers to rely upon trusted flaggers to take them content promptly when necessary. And there are additional clauses for very large online platforms which are the ones that have over 45 million users. They're about transparency and accountability of algorithms of moderation procedures. They're about risk management for manipulation, also foreign manipulation. They're about giving choice about content recommendation and correction algorithms and so on. The digital market sector, as I said, is more about business users for two sided market platforms like Amazon. It protects the gatekeeping online platforms, so 45 million consumers but also 6.5 billion euros of annual turnover in the union and at least three European countries. It's basically a new anti-trust instrument for the digital age for situations that don't fall under traditional dominant position definitions but still are deemed to affect competition. This is where I wanted to focus more precisely on interoperability because I mean, part of the digital market is just about forbidding very basic practices that are deemed to be negative for everyone except for the platform. For example, mandatory bundling of services forcing you to use more than one service and integrate the data across the services, or best price clauses that force you to offer the best possible price through the platform, clauses that prevent you from going to court with the platform, and other things like that. So there's a sort of list of prohibited practice. But then there's another article which is about things that are to be better specified and interoperability is one of them. So why is interoperability important? Because I mean, to get back to where we started, it's the original principle of services and we think that services like email that were built around interoperability mean, offer much more choice and competition and opportunities for privacy than the most recent instant messaging services. So we think that even for these newer services, the dominant platform, the dominant players should be required to interoperate with competitors and allow third party applications to exchange messages with their users through common interfaces. And this would allow users to choose to choose any app and service provider they like. And also it would allow new entrants to propose new applications and actually have a chance of succeeding in competition, because then users could actually try these new apps and still continue discussing with their existing contacts on the old applications. And so this would enable European competition, European companies to grow and keep wealth and jobs here and promote private services because if users could choose, they would not be forced to accept unilateral terms and conditions by these platforms, which are often pretty negative for the users. They would be able to pick the most privacy friendly services. So there are some interoperability clauses in the draft of the DNA. There's basically one that says that business users have a right to interoperate, but only for auxiliary services. Auxiliary services are, for example, payments or logins and identification services or advertising services, but not for the core services. So this is just about this in separate auxiliary services. And there is a clause also on portability, which was possibly introduced with the hope that, I mean, by giving you real time portability, you could build a third party app that in real time gets your new messages from the existing app. This is not a solution for the problem because this model of interoperability would require you to still maintain an account on the existing dominant service. And so it would require you to accept their terms and conditions and give up your privacy and your data. So we think that this is not really a solution. So this is why as part of a coalition of NGOs and European companies of the messaging space, we are really trying to ask for true interoperability to be added into the DNA and to be required to dominant platforms. Not just for business users, but interoperability and fair competition and choice should be available to all European citizens. And interoperability should be mandated for all core consumer services starting from messaging and social media, not just for the auxiliary ones. So these are the requests that we have been doing and I'm glad I could share them here. And of course we are happy to, we hope to create some discussion around this in the community, and I'm happy to take questions. So thank you for your attention.