Blog post by Josep Borrell, High Representative of the European Union for Foreign Affairs and Security Policy / Vice-President of the European Commission |
The Internet plays a vital role in our lives, which is why we need to protect ourselves against cyber-attacks. Today, the EU imposed its first-ever cyber sanctions, to defend its citizens and companies from cyber threats.
“We will not tolerate cyber-attacks: we have the tools to protect ourselves and the determination to use the them.”HR/VP Josep Borrell
Not many inventions have changed the lives of people as much as the Internet. It removes geographical barriers, connects billions of people with multiple devices and allows for communication and commerce at a global scale. People all over the world benefit from it. If I compare the opportunities that the Internet offers to me today with those I had when I was 20 years old, the gap is staggering.
However, the open, accessible and interconnected Internet that brings freedom, enhances our well-being and spurs economic growth, is being misused. States and non-state actors alike have realised that cyberspace and the Internet in particular are powerful tools to pursue malicious activities, including fraud, extortion, data theft or money-laundering. Many will remember cyber-attacks like WannaCry and NotPetya, which affected computers worldwide. Or they have heard about the problem of cyber-enabled theft of commercially sensitive data of companies. The Internet has also become an arena for ideological battles, the spread of disinformation and the theft of intellectual property, with some states increasingly using it to curtail liberties and advance their geopolitical goals.
So cyber threats are on the rise and in permanent evolution. A cyber-attack can leave a country crippled within seconds, causing electricity blackouts or navigational disruptions for international air and maritime transport. We see governments and political systems being destabilised through cyber-attacks and electoral interference. Its effects can be significant and irreversible, harming millions of people and putting the security and stability of our societies are at risk. This unfortunately is today’s reality. And we have even seen this happening during the Coronavirus pandemic, with attacks against hospitals and data centres, putting peoples’ lives as risk.
As EU we prioritise international cooperation and dialogue to tackle these malicious activities. In particular, we believe that respect for international law and the continued work in the United Nations on norms of responsible state behaviour is essential to maintaining international security and stability in cyberspace. However, some actors seem to undermine this important work and the achievements of the international community to date. This is unacceptable. We have repeatedly signalled our concerns and condemned these malicious cyber activities, warning those that undertake these activities, both publicly and privately.
Since 2017, the EU has put in place a comprehensive cyber diplomacy toolbox to prevent, deter and respond to malicious behaviour in cyberspace. One of its tools is the EU autonomous cyber-sanctions regime, adopted in 2019, which makes it possible to apply restrictive measures to persons and entities involved in significant cyber-attacks threatening the EU or its member states, regardless of nationality or the location of the perpetrator. Listings are also possible for attempted cyber-attacks, as well as for cyber-attacks against third states or international organisations. The restrictive measures are a travel ban and/or asset freeze. Moreover, EU persons and entities are forbidden from making funds available to those listed.
Today, for the first time, we have decided to make use of this sanctions regime by imposing travel bans and assets freezes against six individuals as well as assets freezes against three entities or bodies. They were involved in significant cyber-attacks, or attempted cyber-attacks against the EU and its member states.  These individuals and entities have been involved in cyber-attacks against companies located in the EU, such as those known as WannaCry, NotPetya, Operation Cloud Hopper or the attempted cyber-attack against the Organisation for the Prohibition of Chemical Weapons (OPCW).
“Today, for the first time, we have decided to make use of this sanctions regime by imposing travel bans and assets freezes against six individuals as well as assets freezes against three entities or bodies.”HR/VP Josep Borrell
These targeted measures will ensure that those individuals and entities are held accountable for their actions. They send a strong message to the world that we will not tolerate such cyber-attacks: we have the tools to protect ourselves and the determination to use them.
We will of course continue to push for international cooperation to build a global, open, stable, peaceful and secure cyberspace, including by reducing the ability of potential perpetrators to misuse cyberspace. For decades, the EU has invested significantly in increasing global cyber resilience and tackle cybercrime through our capacity building programmes – and we will continue to do so. Advancing international security and stability will remain our priority so that everyone can reap the benefits that the Internet and the use of technologies provide.
Everyone has a responsibility and we call on all actors to step up efforts to prevent cyber-attacks from happening. With today’s decision, the EU has shown it is ready to do its part and the wider efforts continue.
Compliments of the Delegation of hte European Union to the United States.

The European Commission has opened an in-depth investigation to assess the proposed acquisition of Fitbit by Google under the EU Merger Regulation. The Commission is concerned that the proposed transaction would further entrench Google’s market position in the online advertising markets by increasing the already vast amount of data that Google could use for personalisation of the ads it serves and displays.
Executive Vice-President Margrethe Vestager, responsible for competition policy, said: “The use of wearable devices by European consumers is expected to grow significantly in the coming years. This will go hand in hand with an exponential growth of data generated through these devices. This data provides key insights about the life and the health situation of the users of these devices. Our investigation aims to ensure that control by Google over data collected through wearable devices as a result of the transaction does not distort competition.”
The Commission’s preliminary competition concerns
Following its first phase investigation, the Commission has concerns about the impact of the transaction on the supply of online search and display advertising services (the sale of advertising space on, respectively, the result page of an internet search engine or other internet pages), as well as on the supply of ”ad tech” services (analytics and digital tools used to facilitate the programmatic sale and purchase of digital advertising). By acquiring Fitbit, Google would acquire (i) the database maintained by Fitbit about its users’ health and fitness; and (ii) the technology to develop a database similar to Fitbit’s one.
The data collected via wrist-worn wearable devices appears, at this stage of the Commission’s review of the transaction, to be an important advantage in the online advertising markets. By increasing the data advantage of Google in the personalisation of the ads it serves via its search engine and displays on other internet pages, it would be more difficult for rivals to match Google’s online advertising services. Thus, the transaction would raise barriers to entry and expansion for Google’s competitors for these services, to the ultimate detriment of advertisers and publishers that would face higher prices and have less choice.
At this stage of the investigation, the Commission considers that Google:
  is dominant in the supply of online search advertising services in the EEA countries (with the exception of Portugal for which market shares are not available);
holds a strong market position in the supply of online display advertising services at least in Austria, Belgium, Bulgaria, Croatia, Denmark, France, Germany, Greece, Hungary, Ireland, Italy, Netherlands, Norway, Poland, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom, in particular in relation to off-social networks display ads ;
holds a strong market position in the supply of ad tech services in the EEA.
The Commission will now carry out an in-depth investigation into the effects of the transaction to determine whether its initial competition concerns regarding the online advertising markets are confirmed.
In addition, the Commission will also further examine:
the effects of the combination of Fitbit’s and Google’s databases and capabilities in the digital healthcare sector, which is still at a nascent stage in Europe; and
whether Google would have the ability and incentive to degrade the interoperability of rivals’ wearables with Google’s Android operating system for smartphones once it owns Fitbit.
During the initial investigation, the Commission has been closely cooperating with competition authorities around the world, as well as with the European Data Protection Board. The Commission will continue this cooperation also during the in-depth investigation.
The transaction was notified to the Commission on 15 June 2020. Google submitted commitments to address the Commission’s concerns on 13 July 2020. The commitment consisted in the creation of a data silo, which is a virtual storage of data, where certain data collected through wearable devices would have been kept separate from any other dataset within Google. The data in the silo would have been restricted from usage for Google’s advertising purposes. However, the Commission considers that the data silo commitment proposed by Google is insufficient to clearly dismiss the serious doubts identified at this stage as to the effects of the transaction. Among others, this is because the data silo remedy did not cover all the data that Google would access as a result of the transaction and would be valuable for advertising purposes.
The Commission now has 90 working days, until 9 December 2020, to take a decision. The opening of an in-depth inquiry does not prejudge the final result of the investigation.
Companies and products
Google is an American multinational technology company active in a wide range of product areas including online advertising technology, internet search, cloud computing, software, and hardware. Amongst other products and services, Google develops licensable operating systems for smartphones and smartwatches, as well as applications, such as a health and fitness application. The company also offers IT and information/research services for the healthcare industry. Google derives a significant majority of its revenues from online advertising via its internet search engine.
Fitbit is an American company active in the development, manufacturing and distribution of wearable devices (both smartwatches and fitness trackers) and connected scales in the health and wellness sector, as well as in the supply of related software and services.
Merger control and procedure
The Commission has the duty to assess mergers and acquisitions involving companies with a turnover above certain thresholds (see Article 1 of the Merger Regulation) and to prevent concentrations that would significantly impede effective competition in the EEA or any substantial part of it.
The vast majority of notified mergers do not pose competition problems and are cleared after a routine review. From the moment a transaction is notified, the Commission generally has 25 working days to decide whether to grant approval (Phase I) or to start an in-depth investigation (Phase II).
In addition to the current transaction, there are currently six on-going Phase II merger investigations: the proposed acquisition of Chantiers de l’Atlantique by Fincantieri, the proposed acquisition of GrandVision by EssilorLuxottica, the proposed acquisition of DSME by HHiH, the proposed acquisition of Transat by Air Canada, the proposed acquisition of Refinitiv by London Stock Exchange Group and the proposed merger of PSA and FCA.
More information will be available on the Commission’s competition website, in the Commission’s public case register under the case number M.9660.
Compliments of the European Commission.

In her written statement to the House Judiciary subcommittee on antitrust, Executive Vice President of the European Commission Margrethe Vestager warns that if digital platforms act unchecked, they can cause significant harm to competition, innovation and ultimately to consumers.
Read her statement here: STATEMENT BY MARGRETHE VESTAGER TO THE UNITED STATES HOUSE OF REPRESENTATIVES
Compliments of Delegation of the European Union to the United States.

Together with our members we are creating a Video series of first-hand accounts of the Pandemic’s impact, both personally & professionally.

We invite you to join us today for a first-hand look at the impact of the global shutdown following the Coronavirus (COVID-19) outbreak – Today we are featuring Mikkel Hagen Hess, Acting Consul General of Denmark in New York a Member of the EACCNY.
The questions we asked our members for this series are:1) What are some challenges you, personally and your organization have faced?2) What are some of the most surprising (positive, innovative) responses/changes you have witnessed?3) How will this experience change us going forward, as a society and in terms of how we do business?

 Members of the OECD Development Assistance Committee (DAC), comprised of 29 donor countries and the EU, have agreed on a method for reporting debt relief as official development assistance (ODA).
The agreement follows calls by developing countries and civil society for expanded international debt relief efforts. Creditors within the Paris Club, a forum of official creditors for negotiating debt restructuring, had asked as well for the system to encourage the forgiveness and rescheduling of debt. The new agreement paves the way for more resolute action to relieve developing countries of the burden of debt as they struggle with the economic and social consequences of the COVID-19 pandemic.
Under the new terms, donors are allowed to count the rescheduled or forgiven amounts as ODA, with the amount reported capped to the nominal value of the original loan: this means that the value of a dollar of a loan and its subsequent debt treatment in OECD ODA statistics would never be equal to or more than the value of a dollar that had been granted (given rather than lent). This aims to encourage donors to reschedule or cancel poor countries’ debt when they are not able to repay, while applying strict conditions of fairness and transparency in terms of reporting.
“To achieve the Sustainable Development Goals, we need a mixture of financing: grants, concessional and non-concessional loans, more private investment, more effective domestic resource mobilisation, as well as debt relief”, said DAC Chair Susanna Moorehead. “During the current crisis, poor countries are asking for debt relief. This collective decision by the DAC will generate much-needed support and development impact, and help ensure that ODA goes where partner countries need it most”.
“The agreement should make it easier for DAC Member creditors to implement debt relief initiatives”, said Jorge Moreira da Silva, OECD Director of Development Co-operation. “At the same time, by including a hard ceiling equal to the nominal value of the original loan for debt relief of ODA claims, it preserves the integrity of ODA”.
The agreement is an important step towards completing the modernisation of ODA statistics started in 2014 by DAC members. As part of this initiative, they implemented last year a new approach to measuring ODA: the grant-equivalent replaced the cash-flow method, in order to better reflect the actual efforts of donors. In 2014, they also committed to agreeing how to report debt relief according to this new grant-equivalent method.
Read the technical details of the agreement approved on 24 July 2020.
The OECD’s DAC is a forum for donor countries to agree on international principles, rules and other standards for international development co-operation. The DAC also publishes data and analysis on official aid flows, carries out Peer Reviews of DAC members’ performance in delivering development assistance and prepares policy guidance through its networks and partnerships.
CONTACT:
OECD Media Office, news.contact@OECD.org, +33 1 45 24 97 00
Compliments of the OECD.

The Annual Report on Monitoring the Application of EU Law sets out how the Commission monitored and enforced EU law in 2019, and the performance of Member States  in various policy areas.
The effective enforcement of EU law matters to citizens as it upholds the rights and benefits that they derive from EU law, which otherwise they would be denied. It also matters to businesses in order ensure a level-playing field across the internal market.
While the number of open infringement cases remained stable over the past year, the number of new infringement cases increased by over 20% compared to the previous year. Luxembourg, Estonia and Lithuania had the fewest number new opened cases for incorrect transposition or wrong application of EU law in 2019, whereas Spain, Italy and Greece faced the highest number.
The Commission continued to enforce firmly the rules across all policy fields while prioritising the areas which have the highest impact on the everyday lives of people and businesses. Some of the main policy areas targeted were environment, internal market, industry, entrepreneurship and SMEs, and transport and mobility. Together these represented half of all cases. For example, it took action against three Member States for excessive air pollution, and against five Member States which failed to ensure equivalent access for disabled users to the 112 single European emergency number.
The enforcement of EU law is based on cooperation. That is why the European Commission actively supports Member States in implementing EU law through guidance and dialogue. In 2019, it put particular focus on supporting national and regional authorities in implementing rules on waste management, air quality, energy efficiency, agricultural markets and gender equality.
Combatting late transposition of EU directives
For citizens and businesses to reap the benefits of EU law, it is crucial that Member States transpose European Directives into their national legal order within the agreed deadlines.
Over half of all infringement proceedings in 2019 were related to the late transposition of directives, although the number went down slightly (from 419 cases in 2018 to 406 in 2019). In comparison, the highest number of new late transposition cases in the last five years was in 2016 (847 cases). To facilitate timely and correct transposition, the Commission continued to assist Member States by preparing implementation plans, dedicated websites and guidance documents, and by exchanging best practices in expert group meetings.
Concerning late transposition cases, Bulgaria, Belgium, Greece and Cyprus had the highest number of new cases opened against them, whereas the fewest were open against Denmark, Italy and Lithuania.
The Commission continued to bring late transposition infringement cases to the Court of Justice with a request for daily penalties under Article 260(3) of the Treaty on the Functioning of the Europe Union (TFEU). Last year, the Commission referred Spain to the Court of Justice of the EU requesting financial penalties be applied (case C-658-19)
In its judgment of 8 July 2019 in Commission v Belgium, the Court of Justice applied for the first time the sanctions scheme of Article 260(3) TFEU. It imposed a daily penalty on Belgium (case C-543/17) for failure to adopt and communicate all the measures necessary for the transposition of the Directive on measures to reduce the cost of deploying high-speed electronic communications networks.
Background
Following a request made in 1984 by the European Parliament, the European Commission presents every year a report on the monitoring of application of EU law during the preceding year. The European Parliament then adopts a resolution on the Commission’s report.
As a matter of priority, the Commission targets problems where its enforcement action can make a real difference and benefit individuals and businesses. In the division of responsibilities between the European institutions, the European Commission has the general responsibility of initiating the legislative process. The Council and the European Parliament decide on the Commission’s proposals. The Member States are responsible for the timely and correct application, implementation and enforcement of EU law in the national legal order. The Commission closes this circle: once proposals are adopted and become EU law, it monitors whether the Member States are applying this law correctly and takes action if they are not.
Upholding the rule of law is one of the political priorities of the von der Leyen Commission.
Compliments of the European Commission.

The European Union and its member states have repeatedly signalled their concern and denounced malicious behaviour in cyberspace. Such behaviour is unacceptable as it undermines international security and stability and the benefits provided by the Internet and the use of Information and Communication Technologies (ICTs). We strongly promote a global, open, stable, peaceful and secure cyberspace where human rights and fundamental freedoms and the rule of law fully apply, supporting the acceleration of social, political and economic development.
In order to better prevent, discourage, deter and respond to such malicious behaviour in cyberspace, the Council decided today to apply restrictive measures to six individuals and three entities or bodies involved in cyber-attacks with a significant effect, or attempted cyber-attacks with a potentially significant effect, which constitute an external threat to the European Union or its member states, or with a significant effect against third States or international organisations. The measures concerned are a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies.
The measures follow the European Union and member states consistent signalling and determination to protect the integrity, security, social-wellbeing and prosperity of our free and democratic societies, as well as the rules-based order and the solid functioning of its international organisations. We will continue to strengthen our cooperation to advance international security and stability in cyberspace, increase global resilience and to raise awareness on cyber threats and malicious cyber activities.
The European Union and member states will continue to strongly promote responsible behaviour in cyberspace, and call upon every country to cooperate in favour of international peace and stability, to exercise due diligence and take appropriate action against actors conducting malicious cyber activities, as well as continue to contribute to the implementation of the existing consensus based on the by the UN General Assembly endorsed 2010, 2013 and 2015 reports of the UN Group of Governmental Experts in the field of Information and Telecommunications in the Context of International Security (UNGGE) and to advance cooperation to strengthen this consensus in the context of the current sixth UNGGE and the Open-Ended Working Group (OEWG) as well as other appropriate international fora in this regard.
Council decision concerning restrictive measures against cyber-attacks threatening the Union or its member states, 30 July 2020
Council implementing regulation concerning restrictive measures against cyber-attacks threatening the Union or its member states, 30 July 2020
Compliments of Council of the European Union.

The Council today decided to impose restrictive measures against six individuals and three entities responsible for or involved in various cyber-attacks. These include the attempted cyber-attack against the OPCW (Organisation for the Prohibition of Chemical Weapons) and those publicly known as ‘WannaCry’, ‘NotPetya’, and ‘Operation Cloud Hopper’.
The sanctions imposed include a travel ban and an asset freeze. In addition, EU persons and entities are forbidden from making funds available to those listed.
Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool. The legal framework for targeted restrictive measures against cyber-attacks was adopted in May 2019 and recently renewed.
Background
In recent years, the EU has scaled up its resilience and its ability to prevent, discourage, deter and respond to cyber threats and malicious cyber activities in order to safeguard European security and interests.
In June 2017, the EU stepped up its response by establishing a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (the “cyber diplomacy toolbox“). The framework allows the EU and its member states to use all CFSP measures, including restrictive measures if necessary, to prevent, discourage, deter and respond to malicious cyber activities targeting the integrity and security of the EU and its member states.
Targeted restrictive measures have a deterrent and dissuasive effect and should be distinguished from attribution of responsibility to a third state.
The EU remains committed to a global, open, stable, peaceful and secure cyberspace and therefore reiterates the need to strengthen international cooperation in order to promote the rules-based order in this area.
Compliments of the Council of the European Union.