Bookmarked Commission opens non-compliance investigations against Alphabet, Apple and Meta under the Digital Markets Act (by European Commission)

With the large horizontal legal framework for the single digital market and the single market for data mostly in force and applicable, the EC is initiating first actions. This announcement focuses on app store aspects, on steering (third parties being able to provide users with other paths of paying for services than e.g. Apple’s app store), on (un-)installing any app and freedom to change settings, as well as providers preferencing own services above those of others. Five investigations for suspected non-compliance involving Google (Alphabet), Apple, and Meta (Facebook) have been announced. Amazon and Microsoft are also being investigated in order to clarify aspects that may lead to suspicions of non-compliance.

The investigation into Facebook is about their ‘pay or consent’ model, which is Facebook’s latest attempt to circumvent their GDPR obligations that consent should be freely given. It was clear that their move, even if it allows them to steer clear of GDPR (which is still very uncertain), it would create issues under the Digital Markets Act (DMA).

In the same press release the EC announces that Facebook Messenger is getting a 6 month extension of the period in which to comply with interoperability demands.

The Commission suspects that the measures put in place by these gatekeepers fall short of effective compliance of their obligations under the DMA. … The Commission has also adopted five retention orders addressed to Alphabet, Amazon, Apple, Meta, and Microsoft, asking them to retain documents which might be used to assess their compliance with the DMA obligations, so as to preserve available evidence and ensure effective enforcement.

European Commission

The Bavarian state court in Munich, Germany, on 20 January 2022, decided that using Google fonts in your site breaches the GDPR. This because:

  • it discloses your (dynamic) IP address, a person identifiable datum, to Google when you visit a site that uses their fonts,
  • disclosing your IP address can’t be motivated as necessary as these fonts can be used without establishing a connection between a website visitor and Google’s servers, (and visitor consent wasn’t sought by website owner)
  • as Google is known to actively track users, sending the IP address to Google means a loss of control over personal data by the website visitor,
  • in this case resulting in discomfort for plaintiff such that the website owner as defendant is ordered to
    • stop sending visitor’s IP addresses to Google for their fonts, or face up to 250.000 Euro or 6 months imprisonment for each visit to defendant’s websites by the plaintiff,
    • pay plaintiff 100 Euro compensation plus interest since the filing of the case.

In other words, now is the time to start hosting Google fonts locally on your webserver, and to quit providing your visitor’s IP addresses to Google with each visit to your site. I don’t use G’s fonts on this site, and generally block them in my browser. We are in the process of revamping our company website, and will ensure we will no longer load Google fonts remotely from now on.

Google is experimenting with added functionality to the Chrome browser that follows your browsing. It’s called Federated Learning of Cohorts, FLoCs. This is a way of tracking you for advertising purposes that doesn’t rely on third party cookies. That last bit sounds nice, but it is still very much based on active tracking, and this time it’s the Chrome browser itself that provides the data, turning Chrome into ad-delivery malware. You can opt-out with your Chrome browser, or better yet by not using Chrome, and also website owners can opt out their sites.

That is what I’ve done, opting out my WordPress site, by adding a small function to functions.php in my theme. Adtech cannot be aligned with the GDPR, so it wasn’t a decision at all.

WordPress seems to be planning to add that function to WordPress itself, starting from version 5.8, which should arrive in July. That sounds like a good step.

If that blocking is too successful however, I bet we’ll see opt-out settings actively ignored, like with the Do-Not-Track settings already.

Thirteen years ago today I blogged about Google launching Open Social, an API that would allow developers to tap into multiple social networks at once. It was supposed to be an answer to Facebook (who then had opened up their platform silo for developers to build small applications (since removed as an option). The NYT called it Google ‘ganging up’ on Facebook, the ‘new kid on the block’ (FB became globally available to all in the fall of 2006).

Seeing that 2007 posting in my ‘on this blog today in…’ widget I was curious to see whatever happened to Open Social. After the launch in 2007, I don’t remember hearing much about it anymore.

Following the link to Google’s own page on Open Social now gets a 404 error message (which isn’t different from 2007 when I blogged it, because news leaked before the launch, so that page wasn’t active yet. In between today and today in 2007 it has been a working link for some years though as the Internet Archive can attest) Wikipedia has the story of the years in between in more detail. The Open Social standard saw it latest release in August 2013, and then development stopped.

By the end of 2014 it was all transferred to the W3C’s Social Activity, the Social Web Working Group, and the Social Interest Group. All those three are defunct now too (the interest group closed in 2016, the working group and activity early 2018).

Yet, the still remaining W3C Working Group page has a photo with a number of familiar faces: core members of the IndieWeb community. And the Working Group delivered in their 2014-2018 period of activity the W3C standard recommendations for all the major building blocks of the IndieWeb (Webmentions, Micropub, Microsub, Activitypub, IndieAuth). The W3C activity wound down and reduced to a single W3C IRC channel #social that sees little activity. The log files of #social are hosted on indieweb.org.

So here we are, thirteen years down the road. It’s not Google but IndieWeb-enabled websites like mine ‘ganging up on Facebook’ instead. 😉