The Regulation of Big Tech Companies in the Digital Era: The German and EU viewpoints

I. Introduction

”The empire strikes back“ – this could be the title not only of a Star Wars movie but also of the recent movements of legislators across the globe, in particular the European Union, concerning activities and business models of big technology enterprises such as the famous GAFA (Google – Apple – Facebook – Amazon). Regulators are responding to traditional industries complaining about being exploited or discriminated against by, and growing monopoly-like power of, big technology companies. Complaints relate to the exploitation and use of third-party created content such as news, while simultaneously refusing access to important data, thus constraining the creation of new business models. The complaints also touch on crucial issues for democracies such as open discussion of political issues or spreading of fake news, without incurring liability or denying responsibility for acting as gatekeepers for the services in question. 

Further, business models of big technology companies that include data collection and aggregation at unprecedented levels endanger the right to privacy of data subjects (a fundamental human right), resulting in profiling and even social scoring of behaviour of individuals. In combination with artificial intelligence, big data might be even be used to forecast the behaviour of individuals and influence their social life. Those business models thus endanger traditional values and human rights as well as traditional industry, which has sought intervention from the EU legislator.

This analysis brief sheds some light on these recent developments with a focus on the introduction of neighbouring rights for press publishers in copyright law as an answer to news aggregators such as Google News.

II. New proposals of the EU Commission to regulate big tech companies

The EU regulation package regarding the abovementioned risks of big technology companies began in 2016 with the adoption of the General Data Protection Regulation (GDPR). The Regulation applies to every data processor offering their services to EU citizens or just collecting data of EU citizens – even without offering services to them. Thus, the GDPR applies, in a certain sense, extraterritorially as it adopted the “market-principle”. Moreover, the GDPR provides for various comprehensive prohibitions such as tying clauses regarding the consent of data subjects to data collection by the data processor when offering services to the data subject. The GDPR provides for many additional restrictions on data processors, such as restrictions to the use of sensitive data (Art 9 GDPR) or prescribing a right for data subjects to have their data deleted (Art 17 GDPR). For data processors which are based outside the EU, the GDPR provides for comprehensive restrictions regarding the transfer of data across borders. All these prohibitions are bolstered by the introduction of severe penalties, following the example of penalties under antitrust provisions, based upon the annual global turnover of the data processor, even taking into account the turnover of the whole group of companies.

The GDPR has been accompanied by another directive regarding consumer protection concerning contracts about digital content – which is meant broadly and encompasses services such as social networks as well as the “sale” of eBooks or software. Of special interest here is the provision under which contracts providing “only” for an exchange of data instead of any kind of payment should also be regulated – thus covering all kinds of “free” and “gratuitous” services such as search engines, messenger services, or social networks.

However, the recent proposal of several “digital acts” are cornerstones of the strategy of the European Commission for coping with the fundamental risks posed by big technology companies. These “digital acts” consist for the time being of the proposal of 

  • a Digital Markets Act (DMA)
  • a Digital Services Act (DSA)
  • a Data Governance Act (DGA)
  • and an Act on Regulation of Artificial Intelligence (AI-Act).

For all these acts, the extraterritorial approach already used by the GDPR is common – hence, they apply to all providers and operators as long as they are offering services or products inside the EU. Moreover, the enforcement approach adopted by the GDPR has also served as a blueprint to the proposed acts, with penalties calculated at up to 4-6% (in case of the DMA even 10%) of the global annual turnover of companies.

The DMA and the DSA are targeted in particular at regulatory activities and business models of big technology companies: 

The DMA broadly aims to safeguard competition and access to aggregated data of so-called gatekeepers, treating them as operators of essential facilities. A gatekeeper is defined under Art 3(1)a) as a company with €6,5 billion annual turnover, and active in at least three member states, and (Art 3(1)b), with more than 45 million active users and 10,000 commercial users. Gatekeepers may not use personal data collected by other commercial users of their platforms, may not hinder commercial users from using their own software or identity accounts for their clients, and may not give preference to their own offers over those of other commercial users and their services (complementors), for example, by ranking them down. Gatekeepers are also obliged to offer access to information about advertisement services, including the fees they collect for specific marketing activities. Last but not least, gatekeepers must guarantee interoperability for (commercial) users to use their own software systems. However, of utmost importance is the right for commercial users to have free access in real time to all aggregated data that have been generated due to the use of services offered by these commercial users.

Flanking the DMA, the DSA intends to relaunch and clarify the former liability safe harbour privileges for providers in a more sophisticated way, related to the importance and size of the provider. Thus, in principle, the general liability privileges of Art 12-15 of the former e-Commerce-Directive are maintained, but with modifications for online platforms and in particular for very large online platforms. Concerning online platforms, the DSA requires providers to establish effective complaint mechanisms including out-of-court dispute settlement procedures (Art 18 DSA). Very large online platforms are defined along the lines of the DMA, hence, 45 million active users are required in order to trigger the specific obligations. One of them consists in establishing a risk management system that should mitigate specific risks of content curation and distribution of fake news or any other risks to fundamental rights, Art 26 DSA. The obligations also provide for the establishment of a compliance officer and of regular auditing procedures, moreover requiring users of recommendation systems to have at least one opt-out possibility, Art 29 DSA.

The Data Governance Act (DGA) intends to establish a legal framework for platforms trading data in order to defend business interests as well as data protection rules for data subjects. The DGA provides rules for platform providers as well as for users and traders of data which should safeguard the data protection provisions of the GDPR. At the same time the DGA obliges the operators of those platforms to offer secure environments so that data cannot be misused by third parties etc.

Finally, the recently proposed AI-Act envisages traditional product safety provisions applied to AI-systems, whilst keeping in mind that AI does not only pose risks to the security of users or third parties affected by AI systems, but also to fundamental rights of users or third parties, for instance, in case of biometrical identification systems or social scoring systems. The AI-Act defines, in general, three steps in order to cope with risks of AI-systems: 

First, a general prohibition of certain AI-systems that are able to manipulate human behaviour or would establish social scoring systems (a prohibition which applies, however, only to state authorities). 

Second, requirements for risk management and quality management systems for high-risk AI-systems which are defined as affecting fundamental rights. These systems must also meet some fundamental obligations such as establishing human oversight, data governance rules (in order to cope with the general issue of biased training data), and robustness and accuracy of the system. All systems fall under traditional conformity procedures according to European product safety directives or newly established conformity procedures for stand-alone AI-systems (requiring only internal control of AI-providers and a registration in an EU-database).

Third, all other AI-systems are covered only by the proposed AI-Act in specific cases, such as AI-systems which are not high-risk but which still may affect human behaviour such as manipulating videos, photos, etc, so that users may be misled about whether that they are talking to a human being or “bot”, Art 52 AI-Act. In these cases, the provider of the AI-system must inform users that they are communicating with an automated system.

III. The example of neighbouring rights of press and media publishers

In line with these efforts to regulate big technology enterprises, copyright law is playing an important role, as many traditional content producers feel platforms unfairly earn revenue through the use of their content. Besides heated debates regarding liability of online sharing-platforms such as YouTube (but also social networks such as Facebook) including upload-filters (which we will not discuss here), the newly introduced neighbouring right for press publishers is a pars pro toto example for the conflict between traditional content enterprises and new big technology companies.

The basic problem may be outlined very briefly: Traditional publishers such as newspapers are forced to engage more and more in online distribution of their content, mostly offering this content for free, in order to attract readers and generate income by advertisements. On the other side, news aggregators such as Google News make use of the free content available online by collecting headlines and creating snippets, including hyperlinks, enabling users to read the whole article if they are interested in clicking through. The revenues are created by personalised advertisements for users who searched Google News. Hence, press publishers feel “exploited” by Google News (or other news aggregators) as their content is used without any licence fee paid to the press publisher. On the other hand, Google News (and similar aggregators) claim that they generate internet traffic by linking users to specific content and websites, which press publishers usually wanted such that Google News should be considered as just another form of a sophisticated search engine.

A) The blueprints in national jurisdictions such as Germany

The German legislator reacted to public pressure exerted by press publishers in 2013 by introducing the new neighbouring right for press publications (sec 87f- 87h Copyright Act). Prior to the adoption of the amending act, a heated debate between the internet community, academics, and other stakeholders on one side and press publishers on the other side concentrated on the core arguments for and against the proposed neighbouring right. Whereas press publishers focused on the exploitation by news aggregators of their content offered for free on the internet and thus invoked fundamental dangers for a quality-centred journalism and its importance for democratic opinion building, critics focussed on the abilities of press publishers to protect themselves against unwanted indexing by using robot.txt. Moreover, critics pointed out that a new neighbouring right, which should be independent from original copyright, was not necessary as journalists had already transferred their copyrights in articles to press publishers (as rights holders). In addition, the envisaged press publishers’ neighbouring right endangered the free flow of information as it also covered hyperlinks, small snippets, and even information not covered by copyright such as weather forecasts or football results.

During the legislative process, the Act was modified so as to exclude any private use of press publisher news and hyperlinks etc. Moreover, small text passages up to eight words were exempt from the press publishing right. The period of protection of press publications was limited to one year.

The European Court of Justice, however, declared the German amending act regarding press publishing rights to be void on the ground that the European Commission had not been previously notified of the Act – which was necessary for all Acts concerning information society services according to an EU directive (EU 98/48/EC).

As an effect of this newly introduced press publishing right Google demanded from the collecting society (Verwertungsgesellschaft Media) a free licence if press publishers still wanted to be listed on their search engine Google News – a demand to which VG Media and press publishers agreed. However, at the same time they launched an antitrust complaint against Google claiming that the free licences were the result of Google’s discriminatory abuse of market power. The German authority for antitrust issues – the Bundeskartellamt – denied the complaint as it qualified Google’s request for press publishers to opt-in as not constituting discriminatory behaviour or abuse of market power.

A claim for damages launched by VG Media at the regional court of Berlin (Landgericht Berlin) was withdrawn after the European Court of Justice declared void the German amending act on press publisher’s neighbouring rights.

Spain also introduced a neighbouring right – in response to which Google cancelled all new related news services. However, in France Google seems not to be on the winning side as the appellate court (Court d`appel) recently upheld a decision of the French antitrust authority stating that Google must strike a deal with press publishers and agree to a reasonable licence for linking snippets etc to the news of press publishers.

Unlike Germany, however, France has already transposed the new Art 15 Digital Single Market Directive (DSMD) into domestic law.

B) The evolution of the neighbouring right in the DSMD

On the European level, a similar debate was launched during the adoption of the new DSMD, which has also stirred up vehement opposition by academics.

Whereas the first drafts of the EU Commission provided for a broader notion of press publications, including hyperlinks etc and a period of time of protection of 20 years, including publications predating the adoption of the DSMD, the EU Parliament lowered these strict requirements to some extent by reducing the period of protection to two years and by introducing exemptions to the press publisher right such as hyperlinks or non-commercial users. 

Eventually, the neighbouring right for press publishers was adopted in Art 15 of the DSMD. In Recitals 54 and 55, the DSMD suggests the background for this decision to be “to ensure quality journalism and citizens’ access to information. It provides a fundamental contribution to public debate and the proper functioning of a democratic society” (Recital 54). And:

“Publishers of press publications are facing problems in licensing the online use of their publications to the providers of those kinds of services, making it more difficult for them to recoup their investments. In the absence of recognition of publishers of press publications as rightholders, the licensing and enforcement of rights in press publications regarding online uses by information society service providers in the digital environment are often complex and inefficient. The organisational and financial contribution of publishers in producing press publications needs to be recognised and further encouraged to ensure the sustainability of the publishing industry and thereby foster the availability of reliable information.”

(Recital 54)

C) Interpretation and open issues of the neighbouring right (Art 15 DSMD)

Even though Art 2(4) and 15 of the DSMD try to specify the extent of neighbouring rights for press publishers, there are still many issues left for interpretation.

Already the scope of press publications covered by Art 2(4), 15 DSMD remains unclear: Art 2(4) DSMD defines “press publication” as a collection composed mainly of literary works of a journalistic nature, but which can also include other works or other subject matter, and which (a) constitutes an individual item within a periodical or regularly updated publication under a single title, such as a newspaper or a general or special interest magazine, and so forth. This definition of press publication specifies a “collection composed mainly of literary works of a journalistic nature”. However, such collections are not limited to literary works, but also comprise “other works or other subject matter”. Together, the definition is extremely broad. Even if Art 2(4)b) DSMD limits the definition to collections with “the purpose of providing the general public with information related to news”, it expands the scope again to also include “other topics”. Hence, even a collection of football results, weather forecasts, or knitting recipes could, in theory, be included in the “press publication”. Note that Recital 57 does state that “mere facts reported in press publications” should not be granted the protection of press publications.

Hence, the only real restriction is defined under Art 2(4)c) DSMD which requires that the press publication “is published under the initiative, editorial responsibility and control of a service provider”. However, even this definition seems to be very broad as “service provider” could encompass not only press publishers or news agencies but also every other provider of press content. Only blogs etc which are published on a “stand-alone-basis” are not covered according to Recital 56.

As mentioned previously, Art 15(1) sub 2-4 DSMD tries to limit the extent of the right by exempting non-commercial use, acts of hyperlinking, as well as short extracts. Moreover, Art 15(3) and Recital 57 DSMD confirm that all limitations in place for copyrighted works also apply to the neighbouring right of press publications, in particular quotations for purposes such as criticism or review (referring to Art 5(3)d) Directive 2001/29/EC).

Finally, Art 15(2) and (5) DSMD affirm that press publication rights may not be exercised against authors and rightsholders in respect of their works incorporated in press publications, and that these rightsholders are entitled to an appropriate share of the revenues of press publishers.

IV. Outlook

Taking the example of press publisher rights, it appears that only when coupled with the use of antitrust law (as shown in the French example) has the newly introduced right achieved improvements for distribution of revenues to media companies. Moreover, the case of press publisher’s protection may lead to unwanted new entry barriers for new market players such as blogs which evolve over time – and are now not being covered by the new right rather than being blocked. Hence, legislative proposals such as the Digital Markets Act (and the Digital Services Act) seem to be more promising (as they are addressing more or less directly market power issues) than the introduction of new property rights which are opaque and very difficult to delineate. New property rights also make it difficult to keep the balance between the interests of information society (in order to keep information channels open) and those of press publishers.

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p 1-88.
  2. Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services, OJ L 136, 22.5.2019, p. 1-27.
  3. Cf. European Commission The European Digital Strategy,, last accessed at 25.5.2021.
  4. Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act), 15 December 2020, COM(2020) 842 final.
  5. Proposal for a Regulation of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC, 15 December 2020, COM(2020) 825 final.
  6. Proposal for a Regulation of the European Parliament and of the Council on European data governance (Data Governance Act), 25 November 2020, COM(2020) 767 final.
  7. Proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts, 21 April 2021, COM(2021) 206 final.
  8. Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), OJ L 178, 17.7.2000, p1-16.
  9. Achtes Gesetz zur Änderung des Urheberrechtsgesetzes of 07.05.2013, published in the official journal (Bundesgesetzblatt) 2013, Part I S. 1161 (Nr. 23).
  10. See for example IGEL – Initiative gegen ein Leistungsschutzrecht,
  11. See pars pro toto Max-Planck-Institut für Immaterialgüter-und Wettbewerbsrecht, Stellungnahme zum Gesetzesentwurf für eine Ergänzung des Urheberrechtsgesetzes durch ein Leistungsschutzrecht für Verleger, 27.11.2012,
  12. See the „Hamburger Erklärung zum geistigen Eigentum“,
  13. Decision of the European Court of Justice of 12.12.2019, Case C299/17, VG Media Gesellschaft zur Verwertung der Urheber- und Leistungsschutzrechte von Medienunternehmen mbH/Google LLC,
  14. The directive has now been replaced by Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services, OJ L 241, 17.9.2015, p1-15.
  15. Fallbericht, Entscheidung nach § 32c GWB in der Auseinandersetzung zwischen Google einerseits sowie diversen Presseverlagen und der VG Media andererseits über den Umgang mit dem Leistungsschutzrecht des Presseverlegers, 8.9.2015, B6-126/14,
  16. See VG-Media konzentriert sich auf neues europaweites Recht of 4.6.2020,
  17. Court d`Appel de Paris, arrêt du 8 Octobre 2020, Rg-No: 20/08071
  18. Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC, OJ L 130/92 of 17.5.2019.
  19. See Academics against Press Publishers’ Right: 169 European Academics warn against it. 24.4.2018,

Prof Dr Gerald Spindler

University of Goettingen, Germany


Prof Dr Gerald Spindler, born in 1960, studied Law and Economics in Frankfurt am Main, Hagen, Geneva and Lausanne. He is a fully tenured Professor of Civil Law, Commercial and Economic Law, Comparative Law, and Multimedia and Telecommunication Law at the University of Goettingen/Germany, where he is mainly occupied with legal issues regarding E-Commerce, ie, Internet and Telecommunication Law. He was elected as a fully tenured Member of the German Academy of Sciences, Goettingen, in 2004. Apart from teaching, he has published various books (more than 20), commentaries (annotated codes), and more than 400 papers in law reviews as well as expert legal opinions. 

Prof Spindler was elected as general rapporteur for the bi-annual German Law Conference regarding privacy and personality rights on the internet (2012). He is the editor of two of the most renowned German law reviews covering the whole area of cyberspace law and telecommunication law. Further, he is the co-editor of international journals on copyright law, and founder and editor of JIPITEC, an open access-based journal for intellectual property rights and e-commerce which has won awards by research foundations. 

The EU commissioned him to review the E-Commerce Directive in 2007 (DG Internal Market); he is currently an expert for data economy for the single market (2017). He was also recently (June 2018) appointed as High Level Expert for legal issues of New Technologies, in particular artificial intelligency and liability.

Regarding Data Protection, Prof Dr Spindler was involved in the negotiations of the GDPR as an external consultant for the German government.