SIIA is encouraged that the U.S. and the European Union have reached an agreement in principle allowing transatlantic data flows from the EU to the U.S.   Today’s announcement is an important step in resolving an issue that impacts businesses and consumers on both sides of the Atlantic.  Our members along with more than 5,000 European and American companies – over 75% small or medium-sized – will benefit from a final agreement that provides certainty, clarity and consistency.  We look forward to reviewing the details and continuing to work with EU and U.S. officials to finalize the arrangement. We also hope this development motivates Congress to enact a comprehensive federal privacy law that restores both European and American trust in our standards for personal data safety while continuing to enable the innovation that has made the U.S. the global leader in technology.

The Software & Information Industry Association (SIIA) issued the following statement attributed to Jeff Joseph, President:

The final agreement on the Digital Markets Act (DMA) marks the passage of another piece of tech legislation by the European Union that is likely to have impact well beyond its borders and seems particularly discriminatory to U.S. companies. The DMA raises several concerns for SIIA and our members:

• It will put large U.S. tech companies at a disadvantage compared to their foreign competitors.
• It breaks with how competition law traditionally is concerned with a company’s conduct, not its size.
• It will negatively impact international data security and consumer protection.

While the DMA may serve the EU’s interest in fostering European tech champions, it is important to be honest about its collateral consequences. Large U.S. tech companies provide a significant portion of the backbone of the global internet. Hobbling these companies will create a vacuum that, at least in the short term, will be filled by non-U.S. companies that do not subscribe to our democratic values. This is likely to weaken our collective security and the privacy rights of EU citizens.

As this new regulation is implemented, SIIA looks forward to working with the EU Commission to ensure that the coming regulatory dialogues with affected companies will be both serious and meaningful, and that the DMA, and its practical effects, will undergo a comprehensive review within a reasonable timeframe.

Closer to home, the DMA has clearly been a source of inspiration for S.2992,”The American Innovation and Choice Online Act,” now pending before the Senate, and its companion bill, H.R.3816, in the House.  SIIA is concerned that these legislative proposals will –

• Weaken national security. Large U.S. tech companies are critical to important R&D in emerging technologies like AI and quantum computing and provide a significant portion of the backbone for the global internet. Hobbling them will have profound effects on U.S. national security.
• Weaken cybersecurity. At a time when we are more vulnerable to cyberattacks, ransomware, and privacy intrusions by malicious state and non-state actors, these bills will hinder the ability of large platforms to maintain a safe and trustworthy internet ecosystem.
• Weaken privacy protections. The bills will also undermine consumer privacy. Tech platforms often compete by offering better privacy protections than their competitors. But such company-specific privacy policies could easily run afoul of the bills’ duty not to discriminate.

More details on SIIA’s position on these two bills can be found here.

The agreement on the Digital Markets Act (DMA) released on March 24, 2022 has clearly been a source of inspiration for S.2992,”The American Innovation and Choice Online Act,” now pending before the Senate, and its companion bill, H.R.3816, in the House.  Finding the right balance between the many and varied interests that these bills seek to address requires difficult tradeoffs that need to be considered carefully and not on a rushed timetable. Given what’s at stake, we cannot afford to get this wrong.

SIIA is concerned that these legislative proposals will –

• Weaken national security.  Large U.S. tech companies are critical to important R&D in emerging technologies like AI and quantum computing and provide a significant portion of the backbone for the global internet. Hobbling them will have profound effects on U.S. national security. First, it will create a vacuum that will be filled in the short term by massive non-U.S. companies that do not subscribe to the democratic values that the U.S. believes are essential for the future of tech and our geopolitical order. This will strengthen certain companies tied to authoritarian regimes as there are no large platforms in other democratic nations – including Europe – primed to provide the services and access that these U.S. companies do. This puts the U.S. government at a disadvantage for national security and law enforcement needs while bolstering China’s bid to overtake the United States in economic power and technological innovation.
• Weaken cybersecurity. At a time when we are more vulnerable to cyberattacks, ransomware, and privacy intrusions by malicious state and non-state actors, these bills will hinder the ability of large platforms to maintain a safe and trustworthy internet ecosystem. By restricting these companies in their ability to protect consumers’ personal information, the bills, if enacted, will make the enforcement of strong cybersecurity policies more difficult and put at risk the security of the U.S. and its allies and partners.
• Weaken privacy protections. The bills will also undermine consumer privacy. Tech platforms often compete by offering better privacy protections than their competitors. But such company-specific privacy policies could easily run afoul of the bills’ duty not to discriminate. In addition, the proposals require large U.S. tech companies to turn over user data to any company that requests it, irrespective or where it is located. Under the domestic laws of China and Russia, for example, the government can compel the disclosure of information, which would pose a threat to U.S. persons.
• Diminish consumer welfare. For decades, U.S. antitrust law has been guided by the consumer welfare standard with the focus of competition policy being on protecting the interests of consumers. Under this standard, the conduct of individual companies is only relevant if it is anti-competitive. Competition law normally applies to all businesses, not just a small group of large companies. These proposals break with those principles and are likely to result in consumers having to pay more for products and services that also might become harder and less convenient to access.
• Create unintended but serious spillover effects. Based on trends in another country that has adopted similar-type rules, there is concern that while the bills only directly apply to a small group of companies, it will come to be seen as the rulebook on good business behavior and therefore expand its reach to a much larger group of companies and the broader economy.

The blunt force of antitrust will not address perceived concerns around “big tech” in the United States. Those revolve largely around how companies collect, store, and use personal data. While the DMA may serve the EU’s interest in fostering European tech champions, that concern does not justify the significant consequences that the U.S. legislation is likely to have on U.S. consumers, small- and medium-sized businesses, and national security.

We think these bills are fatally flawed and cannot support final passage.