European Union Digital Single Market
October 6, 2017
European Union Digital Single Market
The European Commission, the European Union’s (EU’s)
where more Commission action is needed: the data
executive body, announced the Digital Single Market
economy, cybersecurity, and online platforms. The
(DSM) strategy on May 6, 2015, to modernize and
Commission has since released proposals to increase EU-
harmonize legislation governing the digital economy across
wide integration on cybersecurity and to address barriers to
the EU’s 28 member states. The strategy consists of 35
internal EU cross-border flows of non-personal data, raising
draft legislative proposals and initiatives concerning the
new controversies. Debate continues on defining online
DSM. Congress has an interest in understanding the DSM
platforms and potential scope of any regulation.
as it has generated debate among EU and U.S.
The mid-term report also estimates a funding shortfall for
policymakers, industry groups, and other stakeholders about
infrastructure investment and identifies programs to
its potential benefits and drawbacks. The DSM is expected
stimulate investment. While all member states now have
to impact U.S. firms who operate in or trade with the EU. It
broadband plans, the report highlights disparities among
also may influence the EU’s position in any trade
digital strategies and the levels of private sector digitization
negotiations with the United States or third parties, given
and citizen digital literacy, calling for greater convergence.
the significant role of the digital economy in the U.S.-EU
Selected Provisions of Interest
trade and investment relationship.
DSM Objectives
The DSM raises several potential trade barriers for U.S.
firms, as highlighted by the U.S. Trade Representative’s
The DSM “could contribute €415 billion per year ($488
2017 report on foreign trade barriers. Issues include:
billion) to [the EU] economy and create hundreds of
thousands of new jobs,” according to the Commission.
Intellectual Property
Today, of the online services consumed by EU citizens,
The DSM proposes changes to EU copyright rules to fit the
54% are provided by U.S.-based companies, 42% by
digital era. The reforms aim to strike a balance between the
companies in their own country, and 4% by companies
rights of those in the copyright industries and the rights of
based elsewhere in the EU.
users. However, technology industry groups criticize the
The DSM has three pillars, each with multiple initiatives:
proposal for limiting copyright protections, and civil society
groups favoring greater access view them as inadequate.
Pillar 1 aims to improve consumer and business access to
digital goods and services by updating rules for digital
One flashpoint is the proposed new right for publishers to
contracts, cross-border content portability within the EU,
protect digital use of their press publications for 20 years.
and copyrights; facilitating e-commerce by eliminating geo-
This would enable them to conclude license agreements
blocking (discrimination against online consumers based on
with news aggregators. Member states also would have the
nationality or location), enabling cross-border parcel
option to allow publishers to claim compensation for using
delivery, and revising consumer protection regulation; and
the work even if the use falls under a copyright exception
updating the value added tax system.
(the so-called “link/snippet tax”). Another contested area is
proposed new copyright exceptions. For instance, EU
Pillar 2 focuses on creating a level playing field for digital
member states would have to introduce in their national law
networks and services by updating rules for
mandatory exceptions to allow text and data-mining of
telecommunications, mobile Internet services, audiovisual
copyrighted content for scientific research, use of
media services, online platforms, data privacy, and
copyrighted content for teaching, and copying copyrighted
establishing a cybersecurity public-private partnership.
work for collections by cultural heritage organizations.
Pillar 3 seeks to maximize the growth potential of the
The reforms also appear to impose a new obligation on
digital economy by defining information communication
Internet service providers (ISPs) that store and provide
technology and interoperability standards; providing digital
access to large amounts of user-uploaded content. Such
public services; and supporting EU and country-specific
ISPs would have to take certain measures to protect this
data and digital innovation efforts, the free flow of data
material. Some argue that the requirement to actively
within the EU, and a “European Cloud Initiative.”
monitor user-uploaded content differs from the U.S.
DSM Status
approach, which gives ISPs safe harbor from liability for
In its May 2017 mid-term review, the Commission calls on
infringing works on their systems if they take certain
the European Parliament and member states (acting in the
actions in response to requests from content owners.
Council of the European Union) to adopt the existing
Information and Communications Technology
legislative proposals, but this is a slow process in the EU
(ICT) Standardization
system and further changes are still possible. Observers
note that some proposals are controversial for the
The DSM includes plans for working with European and
Parliament and the member states for a variety of political
other standards development organizations to identify and
and economic reasons. The report also notes three areas
build standards in five ICT areas: 5G communications,
cloud computing, the Internet of things, (big) data
https://crsreports.congress.gov
link to page 2
European Union Digital Single Market
technologies, and cybersecurity. The Commission has
The GDPR will be directly applicable in all EU member
identified these as the “technology building blocks” of the
states, thus establishing a single EU-wide set of rules for
DSM. U.S. agencies and companies may elect to participate
data protection when fully implemented (expected May 25,
in these efforts so that DSM standards do not diverge from
2018). However, one observer contends that approximately
other international standards and create trade barriers.
40 provisions of GDPR remain allowing individual member
Data Flows
states to set their own standards which could lead to
confusion.
The United States and EU remain each other’s largest trade
and investment partners, and transatlantic flows of data are
U.S. officials do not expect the GDPR to impact the Privacy
important for the U.S. and European economies and the
Shield and companies’ ability to transfer data. While the
largest cross-border data flows in the world (see Figure 1).
UK has stated that it will continue to adhere to the GDPR
after its expected exit from the EU in 2019 (“Brexit”),
Businesses state that existing localization requirements by
member states create added costs. Some voice concern that
many experts suggest that the UK would no longer be
even implementing the DSM cross-border data flows
covered by the EU-U.S. Privacy Shield.
initiative would limit the free flow of non-personal data to
Issues for Congress
within the EU borders and not extend outside the region,
creating a “European Cloud” isolated from the rest of the
Impact on U.S. Relationship and Economy
world. The DSM public security exception may further
Potential positive outcomes from the DSM initiative
allow member states to limit cross-border data flows and
include transparency, predictability, and a harmonized
impose localization requirements within a given country.
single set of rules for U.S. firms doing business in the EU.
However, firms may face additional costs and regulatory
Figure 1. Global Cross-border Data Flows
burdens if the EU rules or standards diverge with U.S.
policies or international standards. Critics see the EU’s
desire for “digital sovereignty” driven by protectionist and
anti-competitive motives targeting U.S. Internet firms.
During its public consultations on proposed regulations, the
EU collects feedback from interested parties, including U.S.
stakeholders, but not all of it is publicly available.
Impact on Trade Negotiations
As Congress considers digital trade provisions for free trade
agreements, it may review the EU’s positions that may
include issues in the DSM. The EU and United States have
expressed similar goals in recent World Trade Organization
(WTO) digital trade-related discussions, including
proposals to facilitate e-commerce, enhance transparency,
and address trade barriers impeding trade in information
communication technology goods. The EU has not defined
its position on cross-border data flows.
Source: McKinsey Global Institute.
The impact of the DSM on the EU’s position in the ongoing
Notes: Lines represent interregional bandwidth.
plurilateral Trade in Services Agreement (TiSA)
Privacy: Privacy Shield and GDPR
negotiations is not clear as the EU has not made a proposal
on cross-border data flows or data privacy. The United
While not part of the DSM, the Privacy Shield and General
States had opposed the EU’s position to exempt new
Data Protection Regulation (GDPR) are closely linked to
services from TiSA obligations, as these would likely
DSM efforts and directly impact U.S. companies operating
include new digitally enabled and delivered services.
in the EU. Under the 2016 EU-U.S. Privacy Shield
agreement, companies that enroll and are certified can
In addition to the WTO and TISA, bilateral engagement
transfer EU citizens’ personal data to the United States
through the potential Transatlantic Trade and Investment
while complying with EU existing requirements. The
Partnership (T-TIP) and on individual DSM proposals
Departments of Commerce and State administer the Privacy
present opportunities for the United States and EU to build
Shield on the U.S. side and conduct an annual
international standards for the digital economy that could
implementation review with the European Commission.
become the global norm. Negotiations for both TiSA and T-
TIP are on pause until the Trump Administration and EU
To facilitate the DSM, EU member states and the European
decide how they wish to proceed.
Parliament agreed to the GDPR in April 2016. The GDPR
establishes rules and liability obligations, and provides for
For more information, see https://ec.europa.eu/digital-
various rights for EU citizens. Controversial areas for U.S.
single-market/en/digital-single-market and CRS Report
businesses include implementation costs and administrative
R44565, Digital Trade and U.S. Trade Policy, coordinated
burdens, compliance with requests under the new “right to
by Rachel F. Fefer.
be forgotten” for individuals wanting to remove certain
online information about themselves, and potential fines of
Rachel F. Fefer, Analyst in International Trade and
up to four percent of a firm’s annual global revenue for
Finance
GDPR violations.
Shayerah Ilias Akhtar, Specialist in International Trade
and Finance
https://crsreports.congress.gov
European Union Digital Single Market
IF10748
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF10748 · VERSION 2 · NEW