Currently, ChatGPT does not repeat these horrible false claims about Holmen in outputs. A more recent update apparently fixed the issue, as “ChatGPT now also searches the Internet for information about people, when it is asked who they are,” Noyb said. But because OpenAI had previously argued that it cannot correct information—it can only block information—the fake child murderer story is likely still included in ChatGPT’s internal data. And unless Holmen can correct it, that’s a violation of the GDPR, Noyb claims.
“While the damage done may be more limited if false personal data is not shared, the GDPR applies to internal data just as much as to shared data,” Noyb says.
OpenAI may not be able to easily delete the data
Holmen isn’t the only ChatGPT user who has worried that the chatbot’s hallucinations might ruin lives. Months after ChatGPT launched in late 2022, an Australian mayor threatened to sue for defamation after the chatbot falsely claimed he went to prison. Around the same time, ChatGPT linked a real law professor to a fake sexual harassment scandal, The Washington Post reported. A few months later, a radio host sued OpenAI over ChatGPT outputs describing fake embezzlement charges.
In some cases, OpenAI filtered the model to avoid generating harmful outputs but likely didn’t delete the false information from the training data, Noyb suggested. But filtering outputs and throwing up disclaimers aren’t enough to prevent reputational harm, Noyb data protection lawyer, Kleanthi Sardeli, alleged.
“Adding a disclaimer that you do not comply with the law does not make the law go away,” Sardeli said. “AI companies can also not just ‘hide’ false information from users while they internally still process false information. AI companies should stop acting as if the GDPR does not apply to them, when it clearly does. If hallucinations are not stopped, people can easily suffer reputational damage.”
The European Commission is not backing down from efforts to rein in Big Tech. In a series of press releases today, the European Union’s executive arm has announced actions against both Apple and Google. Regulators have announced that Apple will be required to open up support for non-Apple accessories on the iPhone, but it may be too late for Google to make changes. The commission says the search giant has violated the Digital Markets Act, which could lead to a hefty fine.
Since returning to power, Donald Trump has railed against European regulations that target US tech firms. In spite of rising tensions and tough talk, the European Commission seems unfazed and is continuing to follow its more stringent laws, like the Digital Markets Act (DMA). This landmark piece of EU legislation aims to make the digital economy more fair. Upon coming into force last year, the act labeled certain large tech companies, including Apple and Google, as “gatekeepers” that are subject to additional scrutiny.
Europe’s more aggressive regulation of Big Tech is why iPhone users on the continent can install apps from third-party app markets while the rest of us are stuck with the Apple App Store. As for Google, the European Commission has paid special attention to search, Android, and Chrome, all of which dominate their respective markets.
Apple’s mobile platform plays second fiddle to Android in Europe, but it’s large enough to make the company subject to the DMA. The EU has now decreed that Apple is not doing enough to support interoperability on its platform. As a result, it will be required to make several notable changes. Apple will have to provide other companies and developers with improved access to iOS for devices like smartwatches, headphones, and TVs. This could include integration with notifications, faster data transfers, and streamlined setup.
The commission is also forcing Apple to release additional technical documentation, communication, and notifications for upcoming features for third parties. The EU believes this change will encourage more companies to build products that integrate with the iPhone, giving everyone more options aside from Apple’s.
Regulators say both sets of measures are the result of a public comment period that began late last year. We’ve asked Apple for comment on this development but have not heard back as of publication time. Apple is required to make these changes, and failing to do so could lead to fines. However, Google is already there.
In South Korea, where AI-generated deepfake porn has been criminalized, an “emergency” was declared and hundreds were arrested, mostly teens. But most countries don’t yet have clear laws banning AI sex images of minors, and Europol cited this fact as a challenge for Operation Cumberland, which is a coordinated crackdown across 19 countries lacking clear guidelines.
“Operation Cumberland has been one of the first cases involving AI-generated child sexual abuse material (CSAM), making it exceptionally challenging for investigators, especially due to the lack of national legislation addressing these crimes,” Europol said.
European Union member states are currently mulling a rule proposed by the European Commission that could help law enforcement “tackle this new situation,” Europol suggested.
Catherine De Bolle, Europol’s executive director, said police also “need to develop new investigative methods and tools” to combat AI-generated CSAM and “the growing prevalence” of CSAM overall.
For Europol, deterrence is critical to support efforts in many EU member states to identify child sex abuse victims. The agency plans to continue to arrest anyone discovered producing, sharing, and/or distributing AI CSAM while also launching an online campaign to raise awareness that doing so is illegal in the EU.
That campaign will highlight the “consequences of using AI for illegal purposes,” Europol said, by using “online messages to reach buyers of illegal content” on social media and payment platforms. Additionally, the agency will apparently go door-to-door and issue warning letters to suspects identified through Operation Cumberland or any future probe.
It’s unclear how many more arrests could be on the horizon in the EU, but Europol disclosed that 273 users of the Danish suspect’s online network were identified, 33 houses were searched, and 173 electronic devices have been seized.
And perhaps in a nod to Meta’s recent changes, Mastodon also vowed to “invest deeply in trust and safety” and ensure “everyone, especially marginalized communities,” feels “safe” on the platform.
To become a more user-focused paradise of “resilient, governable, open and safe digital spaces,” Mastodon is going to need a lot more funding. The blog called for donations to help fund an annual operating budget of $5.1 million (5 million euros) in 2025. That’s a massive leap from the $152,476 (149,400 euros) total operating expenses Mastodon reported in 2023.
Other social networks wary of EU regulations
Mastodon has decided to continue basing its operations in Europe, while still maintaining a separate US-based nonprofit entity as a “fundraising hub,” the blog said.
It will take time, Mastodon said, to “select the appropriate jurisdiction and structure in Europe” before Mastodon can then “determine which other (subsidiary) legal structures are needed to support operations and sustainability.”
While Mastodon is carefully getting re-settled as a nonprofit in Europe, Zuckerberg this week went on Joe Rogan’s podcast to call on Donald Trump to help US tech companies fight European Union fines, Politico reported.
Experts told France24 that EU officials may “perhaps wrongly” already be fearful about ruffling Trump’s feathers by targeting his tech allies and would likely need to use the “full legal arsenal” of EU digital laws to “stand up to Big Tech” once Trump’s next term starts.
As Big Tech prepares to continue battling EU regulators, Mastodon appears to be taking a different route, laying roots in Europe and “establishing the appropriate governance and leadership frameworks that reflect the nature and purpose of Mastodon as a whole” and “responsibly serve the community,” its blog said.
“Our core mission remains the same: to create the tools and digital spaces where people can build authentic, constructive online communities free from ads, data exploitation, manipulative algorithms, or corporate monopolies,” Mastodon’s blog said.
The estimated 10 billion-plus euro cost of the IRIS² program is nearly double initial projections. European officials also confirmed the sovereign satellite network won’t begin providing services to European government customers until 2030, three years later than the commission’s previous schedule.
Rising costs and negotiations over how much governments and industry will pay for IRIS² have delayed the contract award for months. Earlier this year, press reports indicated the SpaceRISE consortium’s proposal for IRIS² carried a total cost of 12 billion euros. It seems the price has been negotiated down, at least by a small percentage, to around 10 billion.
It’s also worth noting that the EU will this year only commit to funding the IRIS² initiative through the end 0f 2027, when the commission’s seven-year budget framework expires. It’s almost certain the IRIS² program will require more government funding beyond 2027, but the European Commission said it will decide later on additional money, subject to the “availability of the corresponding appropriations.”
In April, a senior official in the German government, the EU’s top contributor, called for the IRIS² program to be restarted. Robert Habeck, Germany’s economy minister, called the proposed 12 billion euro price “exorbitant” and said the entire project was “ill-conceived” in a letter to Thierry Breton, then the EU’s internal market commissioner, according to a report in the Germany newspaper Handelsblatt.
Habeck’s protest obviously did not stop the European Commission from awarding the contract to the SpaceRISE consortium. The 12-year agreement will cover the development, deployment, and operation of at least 290 satellites placed at different orbital altitudes, from low-Earth orbit up to medium-Earth orbit several thousand miles above the planet.
At these higher altitudes, IRIS² can cover the globe with fewer satellites than Starlink, OneWeb, or Amazon Kuiper.
The commission’s press release said the agreement, the largest space contract in EU history, should be signed in December. At that time, “legal and financial commitment from both parties will be taken,” the commission said.
The SpaceRISE consortium includes numerous European satellite and telecom companies, including spacecraft manufacturers Airbus Defence and Space, Thales Alenia Space, and OHB. Telespazio, Deutsche Telekom, Orange, Hisdesat, and Thales SIX are also part of the industry group.
These companies are typically competitors in the satellite and telecom markets, as are SES, Eutelsat, and Hispasat, which head up the consortium. Getting all the contractors and subcontractors to play nice with one another will be no small feat.
On Monday, Microsoft came out guns blazing, posting a blog accusing Google of “dishonestly” funding groups conducting allegedly biased studies to discredit Microsoft and mislead antitrust enforcers and the public.
In the blog, Microsoft lawyer Rima Alaily alleged that an astroturf group called the Open Cloud Coalition will launch this week and will appear to be led by “a handful of European cloud providers.” In actuality, however, those smaller companies were secretly recruited by Google, which allegedly pays them “to serve as the public face” and “obfuscate” Google’s involvement, Microsoft’s blog said. In return, Google likely offered the cloud providers cash or discounts to join, Alaily alleged.
The Open Cloud Coalition is just one part of a “pattern of shadowy campaigns” that Google has funded, both “directly and indirectly,” to muddy the antitrust waters, Alaily alleged. The only other named example that Alaily gives while documenting this supposed pattern is the US-based Coalition for Fair Software Licensing (CFSL), which Alaily said has attacked Microsoft’s cloud computing business in the US, the United Kingdom, and the European Union.
That group is led by Ryan Triplette, who Alaily said is “a well-known lobbyist for Google in Washington, DC, but Google’s affiliation isn’t disclosed publicly by the organization.” An online search confirms Triplette was formerly a lobbyist for Franklin Square Group, which Politico reported represented Google during her time there.
Ars could not immediately reach the CFSL for comment. Google’s spokesperson told Ars that the company has “been a public supporter of CFSL for more than two years” and has “no idea what evidence Microsoft cites that we are the main funder of CFSL.” If Triplette was previously a lobbyist for Google, the spokesperson said, “that’s a weird criticism to make” since it’s likely “everybody in law, policy, etc.,” has “worked for Google, Microsoft, or Amazon at some point, in some capacity.”
Following an investigation, Elon Musk’s X has won its fight to avoid gatekeeper status under the European Union’s strict competition law, the Digital Markets Act (DMA).
On Wednesday, the European Commission (EC) announced that “X does indeed not qualify as a gatekeeper in relation to its online social networking service, given that the investigation revealed that X is not an important gateway for business users to reach end users.”
Since March, X had strongly opposed the gatekeeper designation by arguing that although X connects advertisers to more than 45 million monthly users, it does not have a “significant impact” on the EU’s internal market, a case filing showed.
A gatekeeper “is presumed to have a significant impact on the internal market where it achieves an annual Union turnover equal to or above EUR 7.5 billion in each of the last three financial years,” the case filing said. But X submitted evidence showing that its Union turnover was less than that in 2022, the same year that Musk took over Twitter and began alienating advertisers by posting their ads next to extremists’ tweets.
Throughout Musk’s reign at Twitter/X, the social networking company told the EC, both advertising revenue and users have steadily declined in the EU. In particular, “X Ads has a too small and decreasing scale in terms of share of advertising spend in the Union to constitute an important gateway in the market for online advertising,” X argued, further noting that X had a “lack of platform power” to change that anytime soon.
“In the last 15 months, X Ads has faced a decline in number of advertising business users, as well as a decline in pricing,” X argued.
According to the Dutch Data Protection Authority (DPA), Clearview AI “built an illegal database with billions of photos of faces” by crawling the web and without gaining consent, including from people in the Netherlands.
Clearview AI’s technology—which has been banned in some US cities over concerns that it gives law enforcement unlimited power to track people in their daily lives—works by pulling in more than 40 billion face images from the web without setting “any limitations in terms of geographical location or nationality,” the Dutch DPA found. Perhaps most concerning, the Dutch DPA said, Clearview AI also provides “facial recognition software for identifying children,” therefore indiscriminately processing personal data of minors.
Training on the face image data, the technology then makes it possible to upload a photo of anyone and search for matches on the Internet. People appearing in search results, the Dutch DPA found, can be “unambiguously” identified. Billed as a public safety resource accessible only by law enforcement, Clearview AI’s face database casts too wide a net, the Dutch DPA said, with the majority of people pulled into the tool likely never becoming subject to a police search.
“The processing of personal data is not only complex and extensive, it moreover offers Clearview’s clients the opportunity to go through data about individual persons and obtain a detailed picture of the lives of these individual persons,” the Dutch DPA said. “These processing operations therefore are highly invasive for data subjects.”
Clearview AI had no legitimate interest under the European Union’s General Data Protection Regulation (GDPR) for the company’s invasive data collection, Dutch DPA Chairman Aleid Wolfsen said in a press release. The Dutch official likened Clearview AI’s sprawling overreach to “a doom scenario from a scary film,” while emphasizing in his decision that Clearview AI has not only stopped responding to any requests to access or remove data from citizens in the Netherlands, but across the EU.
“Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world,” Wolfsen said. “If there is a photo of you on the Internet—and doesn’t that apply to all of us?—then you can end up in the database of Clearview and be tracked.”
To protect Dutch citizens’ privacy, the Dutch DPA imposed a roughly $33 million fine that could go up by about $5.5 million if Clearview AI does not follow orders on compliance. Any Dutch businesses attempting to use Clearview AI services could also face “hefty fines,” the Dutch DPA warned, as that “is also prohibited” under the GDPR.
Clearview AI was given three months to appoint a representative in the EU to stop processing personal data—including sensitive biometric data—in the Netherlands and to update its privacy policies to inform users in the Netherlands of their rights under the GDPR. But the company only has one month to resume processing requests for data access or removals from people in the Netherlands who otherwise find it “impossible” to exercise their rights to privacy, the Dutch DPA’s decision said.
It appears that Clearview AI has no intentions to comply, however. Jack Mulcaire, the chief legal officer for Clearview AI, confirmed to Ars that the company maintains that it is not subject to the GDPR.
“Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR,” Mulcaire said. “This decision is unlawful, devoid of due process and is unenforceable.”
But the Dutch DPA found that GDPR applies to Clearview AI because it gathers personal information about Dutch citizens without their consent and without ever alerting users to the data collection at any point.
“People who are in the database also have the right to access their data,” the Dutch DPA said. “This means that Clearview has to show people which data the company has about them, if they ask for this. But Clearview does not cooperate in requests for access.”
Dutch DPA vows to investigate Clearview AI execs
In the press release, Wolfsen said that the Dutch DPA has “to draw a very clear line” underscoring the “incorrect use of this sort of technology” after Clearview AI refused to change its data collection practices following fines in other parts of the European Union, including Italy and Greece.
While Wolfsen acknowledged that Clearview AI could be used to enhance police investigations, he said that the technology would be more appropriate if it was being managed by law enforcement “in highly exceptional cases only” and not indiscriminately by a private company.
“The company should never have built the database and is insufficiently transparent,” the Dutch DPA said.
Although Clearview AI appears ready to defend against the fine, the Dutch DPA said that the company failed to object to the decision within the provided six-week timeframe and therefore cannot appeal the decision.
Further, the Dutch DPA confirmed that authorities are “looking for ways to make sure that Clearview stops the violations” beyond the fines, including by “investigating if the directors of the company can be held personally responsible for the violations.”
Wolfsen claimed that such “liability already exists if directors know that the GDPR is being violated, have the authority to stop that, but omit to do so, and in this way consciously accept those violations.”
Surprisingly, this step wasn’t taken under laws like the Digital Services Act (DSA), the Digital Markets Act (DMA), or the General Data Protection Regulation (GDPR).
Instead, the EC announced Monday that Meta risked sanctions under EU consumer laws if it could not resolve key concerns about Meta’s so-called “pay or consent” model.
Meta’s model is seemingly problematic, the commission said, because Meta “requested consumers overnight to either subscribe to use Facebook and Instagram against a fee or to consent to Meta’s use of their personal data to be shown personalized ads, allowing Meta to make revenue out of it.”
Because users were given such short notice, they may have been “exposed to undue pressure to choose rapidly between the two models, fearing that they would instantly lose access to their accounts and their network of contacts,” the EC said.
To protect consumers, the EC joined national consumer protection authorities, sending a letter to Meta requiring the tech giant to propose solutions to resolve the commission’s biggest concerns by September 1.
That Meta’s “pay or consent” model may be “misleading” is a top concern because it uses the term “free” for ad-based plans, even though Meta “can make revenue from using their personal data to show them personalized ads.” It seems that while Meta does not consider giving away personal information to be a cost to users, the EC’s commissioner for justice, Didier Reynders, apparently does.
“Consumers must not be lured into believing that they would either pay and not be shown any ads anymore, or receive a service for free, when, instead, they would agree that the company used their personal data to make revenue with ads,” Reynders said. “EU consumer protection law is clear in this respect. Traders must inform consumers upfront and in a fully transparent manner on how they use their personal data. This is a fundamental right that we will protect.”
Additionally, the EC is concerned that Meta users might be confused about how “to navigate through different screens in the Facebook/Instagram app or web-version and to click on hyperlinks directing them to different parts of the Terms of Service or Privacy Policy to find out how their preferences, personal data, and user-generated data will be used by Meta to show them personalized ads.” They may also find Meta’s “imprecise terms and language” confusing, such as Meta referring to “your info” instead of clearly referring to consumers’ “personal data.”
To resolve the EC’s concerns, Meta may have to give EU users more time to decide if they want to pay to subscribe or consent to personal data collection for targeted ads. Or Meta may have to take more drastic steps by altering language and screens used when securing consent to collect data or potentially even scrapping its “pay or consent” model entirely, as pressure in the EU mounts.
“Subscriptions as an alternative to advertising are a well-established business model across many industries,” Meta’s spokesperson told Ars. “Subscription for no ads follows the direction of the highest court in Europe and we are confident it complies with European regulation.”
Meta’s model is “sneaky,” EC said
Since last year, the social media company has argued that its “subscription for no ads” model was “endorsed” by the highest court in Europe, the Court of Justice of the European Union (CJEU).
However, privacy advocates have noted that this alleged endorsement came following a CJEU case under the GDPR and was only presented as a hypothetical, rather than a formal part of the ruling, as Meta seems to interpret.
What the CJEU said was that “users must be free to refuse individually”—”in the context of” signing up for services—”to give their consent to particular data processing operations not necessary” for Meta to provide such services “without being obliged to refrain entirely from using the service.” That “means that those users are to be offered, if necessary for an appropriate fee, an equivalent alternative not accompanied by such data processing operations,” the CJEU said.
The nuance here may matter when it comes to Meta’s proposed solutions even if the EC accepts the CJEU’s suggestion of an acceptable alternative as setting some sort of legal precedent. Because the consumer protection authorities raised the action due to Meta suddenly changing the consent model for existing users—not “in the context of” signing up for services—Meta may struggle to persuade the EC that existing users weren’t misled and pressured into paying for a subscription or consenting to ads, given how fast Meta’s policy shifted.
Meta risks sanctions if a compromise can’t be reached, the EC said. Under the EU’s Unfair Contract Terms Directive, for example, Meta could be fined up to 4 percent of its annual turnover if consumer protection authorities are unsatisfied with Meta’s proposed solutions.
The EC’s vice president for values and transparency, Věra Jourová, provided a statement in the press release, calling Meta’s abrupt introduction of the “pay or consent” model “sneaky.”
“We are proud of our strong consumer protection laws which empower Europeans to have the right to be accurately informed about changes such as the one proposed by Meta,” Jourová said. “In the EU, consumers are able to make truly informed choices and we now take action to safeguard this right.”
According to Bloomberg, Google’s offer to the Cloud Infrastructure Services Providers in Europe (CISPE) required that the group maintain its EU antitrust complaint. It came “just days” before CISPE settled with Microsoft, and it was apparently not compelling enough to stop CISPE from inking a deal with the software giant that TechCrunch noted forced CISPE to accept several compromises.
Bloomberg uncovered Google’s attempted counteroffer after reviewing confidential documents and speaking to “people familiar with the matter.” Apparently, Google sought to sway CISPE with a package worth nearly $500 million for more than five years of software licenses and about $15 million in cash.
But CISPE did not take the bait, announcing last week that an agreement was reached with Microsoft, seemingly frustrating Google.
CISPE initially raised its complaint in 2022, alleging that Microsoft was “irreparably damaging the European cloud ecosystem and depriving European customers of choice in their cloud deployments” by spiking costs to run Microsoft’s software on rival cloud services. In February, CISPE said that “any remedies and resolution must apply across the sector and to be accessible to all cloud customers in Europe.” They also promised that “any agreements will be made public.”
But the settlement reached last week excluded major rivals, including Amazon, which is a CISPE member, and Google, which is not. And despite CISPE’s promise, the terms of the deal were not published, apart from a CISPE blog roughly outlining central features that it claimed resolved the group’s concerns over Microsoft’s allegedly anticompetitive behaviors.
What is clear is that CISPE agreed to drop their complaint by taking the deal, but no one knows exactly how much Microsoft paid in a “lump sum” to cover CISPE legal fees for three years, TechCrunch noted. However, “two people with direct knowledge of the matter” told Reuters that Microsoft offered about $22 million.
Google has been trying to catch up with Microsoft and Amazon in the cloud market and has recently begun gaining ground. Last year, Google’s cloud operation broke even for the first time, and the company earned a surprising $900 million in profits in the first quarter of 2024, which bested analysts’ projections by more than $200 million, Bloomberg reported. For Google, the global cloud market has become a key growth area, Bloomberg noted, as potential growth opportunities in search advertising slow. Seemingly increasing regulatory pressure on Microsoft while taking a chunk of its business in the EU was supposed to be one of Google’s next big moves.
A CISPE spokesperson, Ben Maynard, told Ars that its “members were presented with alternative options to accepting the Microsoft deal,” while not disclosing the terms of the other options. “However, the members voted by a significant majority to accept the Microsoft offer, which, in their view, presented the best opportunity for the European cloud sector,” Maynard told Ars.
Neither Microsoft nor Google has commented directly on the reported counteroffer. A Google spokesperson told Bloomberg that Google “has long supported the principles of fair software licensing and that the firm was having discussions about joining CISPE, to fight anticompetitive licensing practices.” A person familiar with the matter told Ars that Google did not necessarily make the counteroffer contingent on dropping the EU complaint, but had long been exploring joining CISPE and would only do so if CISPE upheld its mission to defend fair licensing deals. Microsoft reiterated a past statement from its president, Brad Smith, confirming that Microsoft was “pleased” to resolve CISPE’s antitrust complaint.
For CISPE, the resolution may not have been perfect, but it “will enable European cloud providers to offer Microsoft applications and services on their local cloud infrastructures, meeting the demand for sovereign cloud solutions.” In 2022, CISPE Secretary-General Francisco Mingorance told Ars that although CISPE had been clear that it intended to force Microsoft to make changes allowing all cloud rivals to compete, “a key reason behind filing the complaint was to support” two smaller cloud service providers, Aruba and OVH.
In two weeks, iPhone users in the European Union will be able to use any mobile wallet they like to complete “tap and go” payments with the ease of using Apple Pay.
The change comes as part of a settlement with the European Commission (EC), which investigated Apple for potentially shutting out rivals by denying access to the “Near Field Communication” (NFC) technology on its devices that enables the “tap and go” feature. Apple did not develop this technology, which is free for developers, the EC said, and going forward, Apple agreed to not charge developers fees to provide the NFC functionality on its devices.
In a press release, the EC’s executive vice president, Margrethe Vestager, said that Apple’s commitments in the settlement address the commission’s “preliminary concerns that Apple may have illegally restricted competition for mobile wallets on iPhones.”
“From now on, Apple can no longer use its control over the iPhone ecosystem to keep other mobile wallets out of the market,” Vestager said. “Competing wallet developers, as well as consumers, will benefit from these changes, opening up innovation and choice, while keeping payments secure.”
Apple has until July 25 to follow through on three commitments that resolve the EC’s concerns that Apple may have “prevented developers from bringing new and competing mobile wallets to iPhone users.”
Arguably, providing outside developers access to NFC functionality on its devices is the biggest change. Rather than allowing developers to access this functionality through Apple’s hardware, Apple has borrowed a solution prevalent in the Android ecosystem, Vestager said, granting access through a software solution called “Host Card Emulation mode.”
This, Vestager said, provides “an equivalent solution in terms of security and user experience” and paves the way for other wallets to be more easily used on Apple devices.
An Apple spokesperson told CNBC that “Apple is providing developers in the European Economic Area with an option to enable NFC contactless payments and contactless transactions for car keys, closed loop transit, corporate badges, home keys, hotel keys, merchant loyalty/rewards, and event tickets from within their iOS apps using Host Card Emulation based APIs.”
To ensure that Apple Pay is on an equal playing field with other wallets, the EC said that Apple committed to improve contactless payments functionality for rival wallets. That means that “iPhone users will be able to double-click the side button of their iPhones to launch” their preferred wallet and “use Face ID, Touch ID and passcode to verify” their identities when using competing wallets.
Perhaps most critically for users attracted to Apple’s payment options convenience, Apple also agreed to allow rival wallets to be set as the default payment option.
These commitments will remain in force for 10 years, Vestager said.
Apple did not immediately respond to Ars’ request for comment. Apple’s spokesperson confirmed to CNBC that no changes would be made to Apple Pay or Apple Wallet as a result of the settlement.
Apple’s commitments go beyond the DMA
Before accepting Apple’s commitments, the EC spoke to “many banks, app developers, card issuers, and financial associations,” Vestager said, whose feedback helped improve Apple’s commitments.
According to Vestager, Apple’s changes go beyond the requirements of the EU’s strict antitrust law, the Digital Markets Act, which “requires gatekeepers to ensure effective interoperability with hardware and software features that they use within their ecosystems,” including “access to NFC technology for mobile payments.”
Beyond the DMA, Apple agreed to have its compliance with the settlement “ensured by a monitoring trustee,” as well as to provide “a fast dispute resolution mechanism, which will also allow for an independent review of Apple’s implementation.”
Vestager assured all stakeholders in the European Economic Area that these changes will prevent any potential harms caused by Apple seeming to shut other wallets out of its devices, which “may have had a negative impact on innovation.” By settling the yearslong probe, Apple avoided a potentially large fine. In March, the EC fined Apple nearly $2 billion for restricting “alternative and cheaper music subscription services” like Spotify in its app store, and the suspected anticompetitive behavior in Apple’s payments ecosystem seemed just as harmful, the EC found.
“This reduction in choice and innovation is harmful,” Vestager said, confirming that the settlement concluded the EC’s probe into Apple Pay. “It is harmful to consumers and it is illegal under EU competition rules.”
Meta continues to hit walls with its heavily scrutinized plan to comply with the European Union’s strict online competition law, the Digital Markets Act (DMA), by offering Facebook and Instagram subscriptions as an alternative for privacy-inclined users who want to opt out of ad targeting.
Today, the European Commission (EC) announced preliminary findings that Meta’s so-called “pay or consent” or “pay or OK” model—which gives users a choice to either pay for access to its platforms or give consent to collect user data to target ads—is not compliant with the DMA.
According to the EC, Meta’s advertising model violates the DMA in two ways. First, it “does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the ‘personalized ads-based service.” And second, it “does not allow users to exercise their right to freely consent to the combination of their personal data,” the press release said.
Now, Meta will have a chance to review the EC’s evidence and defend its policy, with today’s findings kicking off a process that will take months. The EC’s investigation is expected to conclude next March. Thierry Breton, the commissioner for the internal market, said in the press release that the preliminary findings represent “another important step” to ensure Meta’s full compliance with the DMA.
“The DMA is there to give back to the users the power to decide how their data is used and ensure innovative companies can compete on equal footing with tech giants on data access,” Breton said.
A Meta spokesperson told Ars that Meta plans to fight the findings—which could trigger fines up to 10 percent of the company’s worldwide turnover, as well as fines up to 20 percent for repeat infringement if Meta loses.
Meta continues to claim that its “subscription for no ads” model was “endorsed” by the highest court in Europe, the Court of Justice of the European Union (CJEU), last year.
“Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA,” Meta’s spokesperson said. “We look forward to further constructive dialogue with the European Commission to bring this investigation to a close.”
However, some critics have noted that the supposed endorsement was not an official part of the ruling and that particular case was not regarding DMA compliance.
The EC agreed that more talks were needed, writing in the press release, “the Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance.”
