ByteDance’s TikTok seems to be set for a rough ride in Europe.
On Friday, the social media giant failed (for now) in its attempt to escape having to comply with the strictest provisions of the EU’s big new antitrust law, the Digital Markets Act (DMA), which comes into effect for the biggest online players a few weeks from now.
The European Commission designated TikTok as a “gatekeeper” service back in September—this means it controls the critical gateway between businesses and consumers on its widely used platform and is therefore subject to additional oversight. A variety of Alphabet, Amazon, Apple, Meta, and Microsoft services all were designated as gatekeepers at the same time. Two months later, ByteDance appealed to the EU General Court to have this designation overturned, claiming that TikTok was no gatekeeper because it was a challenger, rather than an entrenched incumbent that needed tight antitrust regulation.
The General Court will still consider ByteDance’s case, but it last week rejected the company’s application for the “gatekeeper” designation to be immediately suspended while the case is heard. ByteDance had argued there’s a risk of “disclosure of highly strategic information concerning TikTok’s user profiling practices, which is not otherwise in the public domain,” which might benefit its “competitors and other third parties…in a way that would significantly harm its business.” But the court said TikTok hadn’t proven this and threw out its application.
The DMA comes with many obligations for gatekeepers, not all of which would apply to a service like TikTok—but TikTok will, for example, have to allow interoperability with third-party services and give business users access to the data generated by their TikTok activities. And, as alluded to in its failed argument to the General Court, it won’t be allowed to track its users outside the confines of its own platform, without those users explicitly consenting to being tracked.
That’s going to be a headache for TikTok’s targeted advertising strategy, but it may not be the platform’s biggest European problem.
Also on Friday, Bloomberg reported that the European Commission is preparing to formally investigate TikTok for breaking the rules in the DMA’s twin law, the new Digital Services Act (DSA), which deals with illegal content and disinformation.
The Commission is reportedly concerned about TikTok’s failure to protect minors. It’s not entirely clear what the authority’s specific concerns are, but the company certainly has form on this front. The Irish privacy watchdog last year fined TikTok €345 million ($371 million) under the EU General Data Protection Regulation (GDPR), for (among other things) making teens’ data public by default and allowing people who couldn’t be verified as parents or guardians to pair their accounts with those of child users and then change their safety settings.
The GDPR’s fines can run to 4% of global annual revenue. The DSA’s go up to 6%, with further penalties possible if platforms try to delay complying with the Commission’s enforcement measures—and the Commission can, in theory, even suspend services that persistently break the rules and put users at risk.
All of this is very bad news for TikTok, but there’s a more general lesson here for anyone who’s been following the EU’s Big Tech laws. Many people see the GDPR, the DMA, and DSA as jealous, protectionist attempts to attack American tech companies. That perspective is certainly understandable, but TikTok is not American, even if one of its global headquarters is in Los Angeles—the other is in Singapore, and the headquarters of parent company ByteDance remain in Beijing. TikTok’s nationality is not the issue here; the key factor is its popularity.
If a European tech platform had uptake comparable with that of TikTok or Facebook or X, then it too would find itself in the EU’s crosshairs. And frankly, Europe should be so lucky. More news below.
Want to send thoughts or suggestions to Data Sheet? Drop a line here.
Neuralink leaves Delaware. After a Delaware judge voided his $55.8 billion Tesla pay package, Elon Musk has pulled his brain-implant company, Neuralink, out of the state. The Associated Press reports Neuralink’s new corporate home (its actual, physical home is in California) is Nevada. Delaware’s courts are generally notorious for being business-friendly. Meanwhile, a San Francisco federal judge over the weekend ordered Musk to testify again in the Security and Exchange Commission investigation of his Twitter takeover.
Huang on Altman. Nvidia CEO Jensen Huang doesn’t seem to think much of OpenAI CEO Sam Altman’s reported desire to raise $7 trillion (yes, you read that right) to build better AI. “You can’t assume just that you will buy more computers. You have to also assume that the computers are going to become faster and therefore the total amount that you need is not as much,” he said today at the World Government Summit in Dubai, according to Bloomberg. He also said each country should build its own AI infrastructure in order to protect its culture while using the technology.
French data breach. Breaches at French payments companies Viamedis and Almerys have exposed the data of nearly half of France’s citizens, according to the country’s privacy regulator CNIL. The Register reports that the scale of the incidents, both of which occurred late last month, is unprecedented in France.
ON OUR FEED
“Using basic prompting techniques, users were able to successfully break the LLM’s safeguards immediately, obtaining assistance for a dual-use task. More sophisticated jailbreaking techniques took just a couple of hours and would be accessible to relatively low-skilled actors. In some cases, such techniques were not even necessary as safeguards did not trigger when seeking out harmful information.”
—The U.K.’s new AI Safety Institute shares an early evaluation of today’s large language models.
IN CASE YOU MISSED IT
BEFORE YOU GO
Data center curbs. The Financial Times has a fascinating piece out today on government restrictions on data centers, intended to rein in their enormous energy usage. Ireland (a key location for tech multinationals, for tax and regulatory reasons) is limiting new connections to the power grid, and several big data-center operators have recently seen planning permits denied there. Authorities in Germany, Singapore, China and even Loudoun County in Virginia are also taking measures to protect their grids and protect the environment. And AI workloads are making the problem worse.
This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.