Big tech companies face hefty fines in Britain and the European Union if they treat rivals unfairly or fail to protect users on their platforms, in proposed regulations unveiled Tuesday by officials in London and Brussels.
The EU outlined its long-awaited sweeping overhaul of digital regulations while the British government released its own plans to step up policing of harmful material online, signaling the next phase of technology regulation in Europe.
Both sets of proposals include specific measures aimed at the biggest tech companies. The EU wants to set new rules for "digital gatekeepers" to prevent them from imposing unfair conditions, such as blocking businesses from accessing their own data or locking consumers into services and limiting their options for switching.
The rules, known as the Digital Markets Act, set out criteria for defining companies as gatekeepers and allows for fines of up to 10% of annual global revenue.
Another part of the EU plan, the Digital Services Act, updates the bloc's 20-year-old rules on e-commerce by making online platforms take more responsibility for their goods and services. That can include weeding out shady traders and swiftly taking down illegal content such as hate speech, though in a bid to balance free speech requirements, users will be given the chance to complain. Violations risk fines of up to 6% of annual turnover.
In Britain, social media and other internet companies face big fines if they don't remove and limit the spread of harmful material such as child sexual abuse or terrorist content and protect users on their platforms.
Under legislative proposals that the U.K. government plans to launch next year, tech companies that let people post their own material or talk to others online could be fined up to 18 million pounds ($24 million) or 10% of their annual global revenue, whichever is higher, for not complying with the rules.
The proposals, contained in the U.K. government's Online Safety Bill, will have extra provisions for the biggest social media companies with "high-risk features," expected to include Facebook, TikTok, Instagram and Twitter.
These companies will face special requirements to assess whether there's a "reasonably foreseeable risk" that content or activity that they host will cause "significant physical or psychological harm to adults," such as false information about coronavirus vaccines. They'll have to clarify what is allowed and how they will handle it.
All companies will have to take extra measures to protect children using their platforms. The new regulations will apply to any company whose online services are accessible in the U.K and those that don't comply could be blocked.
The U.K. government is also reserving the right to impose criminal sanctions on senior executives, with powers it could bring into force through additional legislation if companies don't take the new rules seriously – for example by not responding swiftly to information requests from regulators.
Meanwhile, the Irish Data Privacy Commission issued Twitter with a 450,000-euro ($540,000) fine for a security breach. The company triggered an investigation after reporting the breach in January 2019, which affected users of the social media company's Android app.
But it didn't report it quickly enough, because of "an unanticipated consequence of staffing between Christmas Day 2018 and New Years' Day," the company said.
"We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers," Twitter said.
It's the first punishment for a big U.S. tech company since the EU's strict privacy rules, known as General Data Protection Regulation, took effect in 2018.
Under GDPR, a single regulator takes the lead role in cross-border data privacy cases as part of a "one-stop shop" system. But the system has come under question, with Ireland's watching facing criticism for taking too long to decide on cases. The Twitter decision was also delayed after regulators in other EU member states objected to Ireland's draft penalty.