The EU's effort to build a comprehensive set of rules for the digital single market is nearing completion.

In 2019, many new pieces of legislation have been adopted or entered into force across the EU, such as the European Electronic Communications Code (EECC), the Regulation on the free flow of non-personal data, the new Audiovisual Media Service Directive (AVMSD) and the Directive on copyright.

The EECC creates a new regulatory framework for electronic communications, focusing on encouraging investments in high-capacity networks.

The new regulation on the protection of personal data in electronic communications, which is meant to apply not only to traditional telecom operators, but also to OTT service providers (such as WhatsApp, Facebook and Skype), is expected to be adopted by the end of 2019.

Moreover, in March 2019 the Commission issued its decision in the proceedings initiated against Google concerning the AdSense search advertising service, imposing a fine of €1.49 billion for abusive practices in online advertising.


i The regulators

The European Commission (Commission) is the main regulatory body at the EU level. The Commission is equipped with a variety of regulatory and enforcement powers in areas related to TMT, including antitrust, privacy,2 online transactions, intellectual property3 and consolidation of the internal market for electronic communications.4 The Commission oversees the measures proposed by national regulatory authorities (NRAs) to address problems relating to competition in telecommunications markets.

The BEREC Regulation established the Body of European Regulators for Electronic Communications (BEREC),5 which became fully functional in 2011. Its role is to guarantee consistent application of the EU regulatory framework by, for example, delivering opinions on NRAs' draft regulatory measures and, upon request, offering assistance to NRAs in carrying out their duties under EU law. The Commission turns to BEREC before adopting recommendations on relevant product and service markets, which guide NRAs when they define the relevant national markets. The Commission may also task BEREC with carrying out ad hoc market studies.

In September 2016, the Commission proposed an updated BEREC Regulation to transform BEREC into an agency.6 The Commission's ambitious proposal envisaged turning BEREC into an agency with legally binding powers to ensure that the regulatory framework is applied consistently. However, in a draft report presented in February 2017, the appointed rapporteur stated that the status quo is functioning well and suggested that there is no need to turn BEREC into an agency. Accordingly, the initial proposal was scaled down. In the final trialogue on this matter, held on 5 June 2018, the European Parliament and the Council agreed on a compromise.

The new BEREC Regulation,7 which entered into force on 20 December 2018, repeals Regulation (EC) No. 1211/2009. BEREC remains a body of national regulators, with no regulatory powers. However, the new regulation establishes the Agency for Support for BEREC (BEREC Office), which has legal personality, and strengthens the role of BEREC. The latter is entrusted with ensuring the consistent implementation of the regulatory framework for electronic communications across the EU. To avoid fragmented implementation, BEREC will issue advices to the NRAs as well as draft opinions and guidelines.

ii Regulated activities

In 2002, the EU adopted a new comprehensive regulatory framework for ECNs and services, with the aim of fostering consistent regulation across the EU. In 2009, Directive 2009/140/EC,8 Directive 2009/136/EC9 and Regulation (EC) No. 1211/2009 were adopted to improve and revise the 2002 regulatory framework.

As part of the DSM strategy, in May 2015 the Commission announced a complete review of the framework for electronic communications. The consultation closed in December 2015. In the context of the 2016 annual State of the Union,10 the Commission presented the connectivity package, proposing to strengthen the role of BEREC and to recast four of the existing directives (the Framework, Authorisation, Access and Universal Service Directives) into a new European code.11

On 20 December 2018, Directive 2018/1972 establishing the EECC entered into force (see Section VI). The Code overhauls the EU rules on electronic communications by merging the four directives into a single piece of legislation. Member States have to transpose the Directive into national legislation by 21 December 2020.

Within the framework of the DSM strategy, new rules to modernise the EU copyright regime, including two regulations and two directives, were adopted between 2017 and 2019.12

In particular, in March 2019 and April 2019, respectively, the Parliament (in plenary) and the Council approved a new Directive on copyright in the Digital Single Market (see Section VI). The Directive was published on 15 May 2019 in the Official Journal of the European Union and Member States must transpose the new rules into national law by 7 June 2021.

Audiovisual content was previously regulated by the Television Without Frontiers Directive. With the last revision in 2007, the Directive was renamed the Audiovisual Media Services Directive (AVMS), which was then codified in 2010.13 In May 2016, the Commission tabled a proposal to reform the AVMS Directive. The new AVMS Directive was published in the Official Journal of the European Union on 28 November 2018 and Member States have 21 months to transpose it into national legislation (see Section V).

In the framework of the DSM strategy, the Commission adopted a regulation on geo-blocking and other forms of discrimination based on nationality, residence or place of establishment, which targets unjustified geographically based restrictions to cross-border trade. The new regulation against unjustified geo-blocking entered into force on 22 March 2018 and applies from 3 December 2018.14 The Regulation prohibits traders from discriminating against customers by denying them access to internet content on the basis of their location, and allows re-routing to a different version of a website only if a customer has given prior consent. It also prohibits discrimination of customers in relation to payments.

Geo-blocking measures also affect the portability of online services: users who have subscribed to certain online content (such as music, films, e-books and videogames) in their country are often denied access to the same content while travelling in another Member State. To address this issue, on 14 June 2017, the Parliament and the Council adopted the Regulation on cross-border portability of online content services, which applies from 1 April 2018.15 The regulation ensures that subscribers to online content services in the EU have the right to access and use these services while temporarily present in another Member State (e.g., in the case of holidays, business trips or learning periods).

The Commission also has extensive investigative powers in the area of antitrust. It cooperates with national competition authorities (NCAs) to prohibit concerted practices, agreements restricting competition and unilateral anticompetitive behaviour. The Commission has exclusive jurisdiction over mergers above certain thresholds, including in the area of TMT.16

iii Ownership and market access restrictions

In principle, EU undertakings and undertakings from non-EU states with reciprocity agreements can freely provide electronic communication services and networks. As previously established by the Authorisation Directive,17 under the EECC a prospective electronic communications provider needs an authorisation from the competent NRA (Article 12). Any limitation set by a Member State to the freedom to provide electronic communications networks and services must be duly motivated and notified to the Commission. Obtaining the authorisation involves a procedure whereby an applicant notifies the NRA of its intentions and does not have to wait for approval by the NRA. The information that may be requested in such a notification must be limited to what is necessary to identify the provider. Even though the proposed amendment of having a single notification to BEREC was not inserted in the EECC, the information that may be requested by the NRAs has been harmonised (Article 12.4).

However, number-independent interpersonal communications services, which under the new EECC fall into the category of electronic communications services (ECS), are not subject to the general authorisation regime requiring registration with the NRAs.

Finally, the use of spectrum in telecommunications is subject to a licence granted by Member States.


i Internet and internet protocol regulation

On 25 November 2015, the European Parliament and the Council adopted Regulation (EU) No. 2015/2120 (Open Internet Regulation).18

The Open Internet Regulation aims, first of all, to safeguard net neutrality. Within the EU, all internet traffic will be treated equally, subject to some specific public interest exceptions (e.g., those concerning network security and child pornography). Providers of internet access services must abstain from any discrimination, restriction or interference, irrespective of the sender and receiver, the content accessed or distributed, the applications or services used or provided, or the terminal equipment used.19 Blocking, throttling, degradation or discrimination of internet traffic by ISPs is prohibited. IAPs can still adopt different traffic management measures without being discriminatory, but only for 'objectively different categories of traffic' (e.g., services like e-medicine), rather than for commercial reasons.20

Traffic management measures that do not comply with the above requirements are allowed only under three specific exceptions: compliance with EU or national legislation that requires, for example, blocking of specific content, applications or services; protection of the integrity and security of the network; and prevention of network congestions that are temporary or occur in exceptional circumstances.

For a limited number of services, such as high-quality voice calling on mobile networks, linear (live) broadcasting IPTV services with specific quality requirements and real-time health services (e.g., remote surgery), for which an assured level of access is indispensable to deliver the service, the Regulation allows for the provision of fast lanes provided that network capacity is sufficient.21

In addition, the Regulation provides for the end of roaming charges, which became effective from 15 June 2017 through a gradual one-year phase-out process.

On 30 April 2019, the Commission issued a report on the implementation of the Open Internet Regulation,22 concluding that the Regulation's principles are effective in protecting end users' rights and promoting open access to the internet.

ii Universal service

The EECC updates the EU universal service rules previously provided for by the repealed Universal Service Directive.23 Pursuant to Article 84, Member States must now also ensure the provision of affordable access to 'adequate broadband', in addition to voice communication services available at a fixed location. Adequate broadband is defined, taking into account BEREC reports, as the band 'necessary for social and economic participation in society' (i.e., the minimum quantity that is needed for services such as email, internet banking, instant messaging, calls, video calls and social media).

The EECC entrusts NRAs with monitoring the retail prices of broadband internet access service and voice communications services, in particular in relation to national prices and national consumer income. If prices prevent consumers with a low income from accessing those services, Member States may require service providers to grant special tariff options, different from normal commercial conditions.

Pursuant to Article 90, the net costs of universal service must be financed by general taxpayer funds or specific taxes levied on electronic communications networks and service providers.

iii Restrictions on the provision of service

NGA Recommendation

The Commission adopted a recommendation on NGA networks on 20 September 2010.24 The NGA Recommendation seeks to provide NRAs with guidance to promote a common approach when deciding whether to impose obligations on incumbents in connection with NGA networks.

The Recommendation primarily covers remedies to be imposed on operators deemed to have significant market power. However, where it is justified on the grounds that duplication of infrastructure is economically inefficient or physically impracticable, NRAs may also impose obligations of reciprocal sharing of facilities on non-dominant undertakings, which would be appropriate to overcome bottlenecks in the civil engineering infrastructure and terminating segments.

The EECC reaffirms the obligation for operators with significant market power to grant rights to use or rights of access to civil infrastructure (such as, among others, buildings, antennae, towers, poles, ducts), when the NRAs consider that access denial would hinder competition on the market and would not be in the end user's interest (Article 72).

Access Recommendation

After a long debate with BEREC and NRAs, the Commission published a recommendation on access remedies on 11 September 2013.25 The Access Recommendation relies on two pillars: ensuring equivalence of access and setting out a harmonised costing methodology.

As to the first pillar, the Commission suggests that equivalence of input (EoI) (i.e., the supply to competitors of the same access services enjoyed by a vertically integrated company's downstream units) is in principle the surest way to avoid non-price discrimination.26

As to the second pillar, the Commission suggested the adoption of a common costing methodology (called bottom up – LRIC +) that, for copper-based local loop unbundling services, should have led to monthly tariffs within a defined price band.27 The Commission recommended that, once they have set tariffs within the mentioned price band, NRAs should not modify the costing methodology (and hence the tariffs) without a market-analysis procedure, and should avoid undue price fluctuations by ensuring stable access prices over at least two review periods (i.e., about six years).

The EECC makes reference to the costing methodology set out in the Access Recommendation,28 stating that the method of cost recovery should take into account (1) the need to promote efficiency, sustainable competition and the deployment of high-capacity networks, and (2) the need to have predictable and stable wholesale prices for the benefit of operators seeking to deploy new and enhanced networks.

Monitoring and control of content

The Electronic Commerce Directive29 explicitly sets out that no intermediary should be obliged to engage in monitoring activities of a general nature (mere conduit rule).30

The interpretation of the mere conduit rule was probed in two cases before the CJEU, which concerned the possible responsibility of Scarlet (an ISP) and Netlog (a social networking website) for exchanges of allegedly unlawful content by its users.31 In essence, according to the CJEU, the EU framework does not require a hosting service provider to filter all information stored by users as a preventive measure. However, the Court left open the question on the admissibility of injunctions against specifically determined copyright-infringing practices.

On 27 March 2014, the CJEU held that an ISP may be ordered to block its customers' access to a copyright-infringing website (UPC Telekabel).32

In September 2016, the CJEU provided an interpretation of the mere conduit rule in a case concerning the liability of free Wi-Fi network providers for copyright infringements committed by its users (Mc Fadden).33 The CJEU stated that, under the mere conduit rule, the provider of a free Wi-Fi connection cannot be held responsible for the download of unlawful content by its users. However, the copyright holder can seek an injunction ordering such open Wi-Fi to be protected with a password, as this would prevent future infringements by requiring users to reveal their identity.

In August 2018,34 the CJEU stated that the mere conduit rule must be interpreted as meaning that the limitations of liability apply to the provider of an IP address rental service allowing the anonymous use of internet domain names, insofar as the activity of such a service provider is of a merely technical, automatic and passive nature, meaning that it has neither knowledge of, nor control over, the information transmitted or cached by its customers, and insofar as it does not play an active role in allowing those customers to optimise their online sales activity.

The proposal for the Directive on Copyright in the Digital Single Market35 contained a provision (in Article 13) that appeared to be more far-reaching than the mere conduit rule, as it required information society service providers to take appropriate and proportionate measures to ensure copyright protection also through effective content recognition technologies, thus introducing, to a certain extent, an obligation to monitor. However, the final version of the Directive on copyright in the Digital Single Market does not contain this provision, and it expressly states that no general monitoring obligation is imposed on IPSs (Article 17.8).

Another crucial aspect concerning the role of ISPs relates to the right to be forgotten. On 13 May 2014, the CJEU held that, by searching systematically for information published on the internet, indexing websites, and recording and making them available, the operator of a search engine is processing personal data within the meaning of Article 2(b) of Directive 95/46/EC (Google Spain).36

The Court did not describe such processing as unlawful, but clarified that even initially lawful processing of accurate data may become incompatible with the Directive 'where those data are no longer necessary in the light of the purposes for which they were collected or processed [. . .] in particular where they appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to those purposes and in the light of the time that has elapsed'.37

The CJEU addressed the extent of the right to be forgotten in two judgments adopted on 24 September 2019.38 The cases were referred to the Court by the French Council of State and focus on two main issues: whether the right to be forgotten should be absolute - that is, automatic removal is required when the content involves sensitive personal data, such as political affiliations or a criminal record; and whether the right to be forgotten should apply globally, beyond the boundaries of Europe.

In the first case the Court concluded that the operator of a search engine is in principle required to accede to requests for de-referencing in relation to links to web pages containing sensitive personal data. It is, however, required to ascertain whether the inclusion of that link in the list of results displayed following a search on the basis of the data subject's name is strictly necessary for protecting the freedom of information of internet users. Where the information relates to an earlier stage of the legal proceedings in which the person is involved that no longer corresponds to the current situation, the operator of a search engine is in principle required to accede to a request for de-referencing.

In the second judgment, the Court concluded that where a search engine operator grants a request for de-referencing a certain link, it is not required to de-reference it globally (i.e., on all versions of its search engine), but only on the versions of that search engine used in the EU Member States.

On 28 September 2017, the Commission presented guidelines for online platforms to tackle illegal content39 aimed at improving the prevention, detection and effective removal of illegal content inciting terrorist propaganda and racist speech, and also preventing its reappearance through automatic tools.

Building upon the guidelines, on 1 March 2018 the Commission proposed a recommendation containing a set of operational measures to be taken by companies and Member States to remove illegal online content, such as the creation of fast-track procedures for trusted flaggers (i.e., individuals or entities considered by a hosting service provider to have particular expertise and responsibilities for the purposes of tackling illegal online content).40 In particular, terrorist content should be removed within one hour following a referral by Europol or other competent authorities.

Finally, in April 2018 the Commission adopted a communication calling upon platforms to increase their efforts to tackle online disinformation and the spread of fake news.41 In particular, platforms should improve the scrutiny of advertisement placements, ensure transparency about sponsored content and close fake accounts more efficiently.

On 26 September 2018, a Code of Practice was published by online platforms, leading social networks, advertisers and the advertising industry. The self-regulatory Code of Practice is the first outcome of the April 2018 Communication and aims to reduce online disinformation by, for example, implementing a better scrutiny of advertisement placements to demonetise the spreading of disinformation, or making it easier for users to discover and access trustworthy and diverse news sources.

iv Security

Privacy and data retention

On 27 April 2016, the European Parliament and the Council adopted the General Data Protection Regulation (GDPR)42 together with the Police and Criminal Justice Data Protection Directive.43 On 25 May 2018, the GDPR entered into force. It replaced the EU Data Protection Directive44 and harmonised the processing of personal data by companies and public authorities across the EU.

Member States had to implement the Criminal Justice Data Protection Directive by 6 May 2018.

The Council and the Parliament made important changes to the Commission's proposal, remarking that, inter alia:

  1. data protection is not an absolute right and must be weighed against other fundamental rights;45
  2. data portability is restricted to data provided by individuals and does not apply if it adversely affects the rights and freedoms of others;46
  3. automated decision-making, including profiling, is permitted for fraud and tax evasion monitoring and prevention purposes, and to ensure the security and reliability of a service provided by a controller;47 and
  4. sanctions are to be proportionate.48

The new rules principally advantage small and medium-sized enterprises by reducing unnecessary administrative requirements such as notification requirements for companies. The right to be forgotten has been reinforced, and a right to data portability facilitates transfer of personal data between service providers. Furthermore, the Regulation provides that market operators established outside Europe will have to apply the same rules when offering services in the EU, and it brings forward a one-stop shop for companies and users, who will only have to deal with one single supervisory authority, facilitating cross-border operations and business in the EU. The Regulation also ensures stronger protection against data breaches, as it provides that a company experiencing a breach has to report it to the relevant data protection authority within 72 hours.

In line with the Data Protection Directive previously in force, Article 45 of the GDPR provides that the transfer of personal data from the EU to a country outside the EU or EEA may take place if that third country ensures an adequate level of protection of the data. The Commission has the power to determine whether a third country ensures an adequate level of protection, taking into account the relevant domestic legislation, respect for human rights and fundamental freedoms, and the international agreements that the third country concerned has entered into.

In 2000, under the regime previously in force, the Commission adopted a decision on the adequacy of the protection provided by the safe harbour privacy principles with regard to the US (Safe Harbor Adequacy decision).49 On 6 October 2015, the CJEU invalidated the 2000 Safe Harbor decision.50

In February 2016, the Commission put forward a successor agreement (known as the EU–US Privacy Shield).51 As in the case of the former Safe Harbor Agreement, the Privacy Shield is intended to enable personal data of EU citizens to be transmitted to and processed in the United States. The final draft of the Privacy Shield, which was adopted by the Commission on 11 July 2016 by majority vote of the Member States, includes privacy principles that stipulate improved data protection requirements compared with the safe harbour with which US companies must comply if they want to be certified under the Shield. Following criticism of the first draft of the Privacy Shield, in a revised draft the Commission endeavoured to assuage, in particular, the concerns expressed recently by the Article 29 Working Party, the independent advisory body on data protection and privacy that comprises representatives from national data protection authorities in Europe.

On 12 July 2016, the Commission adopted the Privacy Shield Adequacy Decision,52 certifying that this measure ensures an adequate level of protection for the transfer of personal data in the US. On 16 September 2016, Digital Rights Ireland brought an action for annulment before the CJEU against the Commission's adequacy decision,53 challenging in particular the legality of the mass recording of personal data by US public authorities, which remains possible under the Shield. On 22 November 2017, the General Court dismissed as inadmissible the action brought by Digital Rights Ireland.

On 9 January 2018, the Commission issued a notice stating that, as of the date of the UK's withdrawal from the European Union, the UK will be treated as a third country within the meaning of GDPR rules on the transfer of personal data. Accordingly, it will not be automatically granted the status of a safe third country.

The adoption of the GDPR also affects the ePrivacy Directive,54 which is lex specialis for the electronic communications sector. Given that most articles of the current ePrivacy Directive only apply to traditional telecoms companies but not to the growing number of OTT providers (that is, providers using the internet to deliver content), on 10 January 2017 the Commission presented a proposal for a 'Regulation concerning the respect for private life and the protection of personal data in electronic communications' (ePrivacy Regulation), aimed at replacing the ePrivacy Directive.

The proposed ePrivacy Regulation would apply not only to traditional telecom operators, but also to OTT service providers (such as Whatsapp, Facebook and Skype) that currently do not fall within the scope of the ePrivacy Directive. It would also apply to non-EU operators that provide services to users located in the EU.

The new rules place great emphasis on end users' consent. Service providers must obtain users' consent to process electronic communications content and metadata, such as data on the location of where a phone call was made. The Regulation would introduce more user-friendly methods to obtain such consent (e.g., appropriate settings of a browser or other application). The proposed Regulation also addresses the privacy concerns raised by tools that allow tracking of the online activities of users, such as cookies, by requiring a clear affirmative action to express consent to their use.

In April 2017, the Article 29 Working Party and the European Data Protection Supervisor released their opinion on the proposal, advocating for more effective rules, such as a general prohibition on tracking practices and privacy by default settings for software and applications.

In its Communication of 15 May 2018 the Commission called on the co-legislators to conclude negotiations by the end of 2018, but discussions are still ongoing.


On 6 July 2016, the Parliament and the Council approved the Network and Information Security (NIS) Directive,55 also known as the Cybersecurity Directive, which was developed within the framework of the Commission's EU Cybersecurity Strategy.56 The Directive aims to ensure a high common level of network and information security across the EU through a set of wide-ranging measures that will generate cooperation and information-sharing mechanisms, and set minimum requirements for a broad range of public and private players.57 In January 2018, the Commission adopted an implementing regulation laying down rules for the application of the NIS Directive.58

On 13 September 2017, the Commission and the High Representative for Foreign Affairs and Security Policy launched the cybersecurity package, a set of measures aimed at improving the EU response to cyberattacks and crime, which includes proposals for the institution of the European Cybersecurity Agency and for a directive on the combatting of fraud and counterfeiting of non-cash means of payment.59

On 27 June 2019, Regulation (EU) No. 2019/881 on ENISA (the European Union Agency for Network and Information Security, also known as the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification (the Cybersecurity Act) entered into force.

Free flow of data and cloud computing

The DSM Strategy calls for a European free flow of data initiative to promote the free movement of data and encourage innovation in the EU, while protecting personal data.60

In April 2016, the Commission launched the European Cloud Initiative,61 which includes a series of initiatives concerning the certification of cloud services to allow users to benefit from secure and high-quality services, the switching of cloud service providers and the development of a European Open Science Cloud for European researchers. The Cloud Initiative also provides for the creation of a European data infrastructure. On 16 February 2017, the European Parliament adopted by a large majority a resolution on the European Cloud Initiative.

This is considered a key initiative, as estimates of the cost of an incomplete DSM for cloud computing are between €31.5 billion and €63 billion per year.62 On the other hand, it was estimated that cloud computing can potentially contribute a total of €450 billion to the EU's GDP between 2015 and 2020 and lead to the creation of an additional one million jobs and 300,000 companies in the EU throughout all sectors of the economy.63

On 11 January 2018, the Commission published its proposal for a regulation establishing the European High Performance Computing Joint Undertaking,64 a legal entity that would pool European resources to develop supercomputing infrastructure for European scientific and industrial users. At the moment, the top 10 supercomputers depend on non-European technology, and this creates risks for the EU in terms of competitiveness and innovation. Located in Luxembourg, the joint undertaking started operating in November 2018 and will remain operational until the end of 2026.

On 10 January 2017, the Commission adopted a communication on building a European data economy,65 aimed at identifying unjustified restrictions on the free movement of data, such as data location restrictions. On 14 November 2018, the Parliament and the Council adopted Regulation (EU) No. 2018/1807 on the free flow of non-personal data in the European Union (FFD Regulation; see Section VI).

On 29 May 2019, the European Commission published new guidance to help users (in particular small and medium-sized enterprises) understand the interaction between the FFD Regulation and the GDPR Regulation.66 It gives practical examples on how the rules should be applied when a business is processing datasets composed of both personal and non-personal data.


The DSM strategy considers a European spectrum policy to be necessary to boost investment, as some countries were slow in allocating the 800MHz band used for mobile communications, and lagged behind in rolling out 4G technology for mobile networks as a result.67 On the other side, some Member States have already outpaced EU regulation (e.g., Germany started auctioning spectrum from the 700MHz band for mobiles in May 2015 and on 2 October 2018 Italy awarded the auction for the same band).

On 9 June 2015, the Commission presented the outcome of a public consultation on the September 2014 Pascal Lamy report concerning the UHF band.68 The report discusses how the scarce spectrum resource in the UHF broadcasting band should be used in future. The results of the consultation suggest that there is general backing for spectrum-efficient technologies for DTTV equipment.

Accordingly, on 2 February 2016 the Commission presented a proposal for a Decision of the Parliament and the Council on the use of the 470–790MHz frequency band for mobile services in the EU.69

On 17 May 2017, the Parliament and the Council adopted such decision,70 stating that Member States have to allow the use of the 700MHz frequency for wireless broadband ECS by 30 June 2020.

On 23 October 2017, the Commission published a study on spectrum assignment for the deployment of 5G in the EU,71 which considers the approaches currently used across the Member States for authorising and assigning spectrum. The study suggests that longer licence durations attract larger investments and a wider network roll-out.

The EECC establishes measures aimed at improving spectrum management across the EU. This objective is targeted by giving preference to the use of radio spectrum under general rather than individual authorisations (Article 48), and by granting long-term licences to encourage investment in high-capacity networks. In fact, the EECC obliges EU Member States to ensure that radio spectrum holder rights are valid for at least 15 years with a possibility for extension (Article 49).

The EECC also establishes that Member States shall cooperate to coordinate the timing of assignment of spectrum bands for electronic communications networks and services (Article 53).

In order to facilitate market entry by new operators, the EECC implements the 'use it or lose it principle' with respect to withdrawal of radio spectrum licences.


The new AVMS Directive entered into force in December 2018.72 Taking into account the changes occurred in the media landscape in less than a decade and the increase of video on-demand (VOD) services, the Directive changes the definition of audiovisual media services (including for first-time video-sharing platforms) and introduces a uniform regulatory framework for TV broadcasters and VOD service providers.

It strengthens the country-of-origin principle, according to which providers only need to abide by the rules of the Member State with jurisdiction over them, by providing more clarity on which Member States' rules apply and by aligning derogation procedures for both TV broadcasters and on-demand service providers. TV and video-sharing platforms are now required to take appropriate measures to protect minors against harmful content and to protect people from incitement to violence or hatred and public provocation to commit terrorist offences. Video-sharing platforms will now be responsible for reacting quickly when content is reported by users as harmful.

To support the cultural diversity of the European audiovisual sector, the Directive establishes that 30 per cent of content, including in the VOD service providers' catalogues, must be European. VOD platforms are also required to contribute to the development of European audiovisual productions, either through direct investment in content or through contributions to national funds. The level of these contributions should be proportional to VOD service providers' revenues in the country where they are established or in the country whose audience they target mostly.

Moreover, the Directive grants more flexibility in television advertising. Instead of the current 12 minutes per hour, broadcasters can choose when to show ads throughout the day, with an overall limit of 20 per cent of broadcasting time between 6am and 6pm and the same share during prime time (from 6pm to midnight).

The new Directive also includes strict rules on advertising and product placement in children's programmes and content available on VOD platforms. Broadcasters are required to put in place measures to effectively reduce children's exposure to publicity on unhealthy food or beverages. Product placement and teleshopping are prohibited in children's programmes, while EU countries can decide autonomously whether to exclude sponsorship.

The integrity of the signal is guaranteed by a new set of rules. In the case of smart TVs, service providers are not allowed to add windows with content to the screen during a programme, without first obtaining the agreement of the broadcaster.


i The European Electronic Communications Code

The EECC, entered into force on 20 December 2018,73 led to a complete review of the framework for electronic communications.

One of the main aims of the reform is to create incentives to invest, with a lighter regulatory regime particularly for co-investment of rival operators in very high capacity networks, and to facilitate the participation of smaller operators in investment projects.

On the basis of the principle of same service, same rules (which aims at creating a level playing field for all players providing similar services), the EECC broadens the scope of regulated ECS to include over-the-top (OTT) services. The category of ECS now includes: (1) internet access services, (2) interpersonal communications services (ICS), and (3) services consisting wholly or mainly in the conveyance of signals.

The inclusion of ICS represents a significant change in EU law: ICS are services that enable interpersonal and interactive exchange of information. They are further subdivided between 'number-dependent' and 'number-independent' services. The former includes traditional voice calls, the latter refers to all types of emails, messaging services or group chats. This means that OTT services such as Whatsapp, Facebook Messenger, Skype and Voice over Internet Protocol (VoIP) services now fall under the definition of ECS.

According to Recital 16, ECS provided in exchange for the provision of personal data or services in which users are exposed to advertising as a condition for gaining access are services provided in exchange for remuneration and, consequently, qualify as ECS under the EECC.

Pursuant to Article 68 of the EECC, undertakings with significant market power (SMP) may be subject to regulatory obligations imposed by NRAs, such as non-discrimination, accounting separation, access to civil engineering, price control and functional separation. In order to promote co-investment in a common infrastructure, pursuant to Article 76, undertakings having SMP can offer commitments to open to co-investment the deployment of a new very high capacity network. Co-investment may take the form of co-ownership or long-term risk sharing through co-financing.

Finally, the EECC contains provisions aimed at improving consumer rights. In particular, it provides that contracts with end users cannot extend beyond 24 months and consumers must receive a summary of the contract, as an integral part of the contract itself (Article 102).

ii The new Directive on copyright

Directive (EU) No. 2019/790 establishes the new set of European copyright rules.74 The objective of the Directive is to provide rules to adapt certain exceptions and limitations to copyright to digital and cross-border environments. The Directive also contains measures intended to facilitate licensing practices, in particular as regards the dissemination of out-of-commerce works and the online availability of audiovisual works on video-on-demand platforms, in order to ensure wider access to content.

Two provisions of the Directive are considered particularly innovative and controversial. Article 15 introduces the right of press publishers to claim remuneration for the online use of their publications (link tax). This means that platforms such as Google, Facebook and YouTube are required to agree on a fee to be paid to publishers and content owners. Article 17 imposes on online platforms an obligation to obtain an authorisation from right holders, for instance by entering into a licensing agreement, when they give the public access to copyright protected works uploaded by their users (upload filter). If no authorisation is granted, online platforms are liable for making copyright-protected works available to the public unless they demonstrate that they have (1) made best efforts to obtain an authorisation; (2) made best efforts to ensure the unavailability of specific works for which right holders have provided the necessary information; and (3) acted promptly, upon notice from the right holders, to disable access to the notified copyright-protected work.

The Directive establishes four mandatory exceptions to copyright for the purposes of education, research, preservation of cultural heritage and inclusion of disabled people.

iii Regulation on the free flow of non-personal data

Regulation (EU) No. 2018/1807 aims to achieve a more competitive and integrated internal market for data storage and other processing services so as to unlock the potential of new digital technologies (e.g., cloud computing, big data, artificial intelligence and the IoT).

The Regulation favours the circulation of non-personal data within the EU for companies, public administrations and citizens, allowing non-personal data to be located and processed anywhere in the EU without unjustified restrictions (with the exception of data retained for purposes of public security).

The Regulation abolishes the obligations of territorial restriction of data treatment, meaning the condition requiring that the treatment of data has to be carried out in a Member State rather than in another. However, the Regulation ensures that competent authorities can access data stored or processed in another Member State for the purposes of regulatory control.

Finally, the Regulation encourages market operators to develop self-regulatory codes of conduct containing information operational requirements to facilitate the switching of service providers and the porting of data.

iv Merger and antitrust control in telecommunication markets

As regards merger control, the Commission cleared a relevant number of mergers in the telecommunications sector between the end of 2018 and October 2019.

In October 2018, the Commission cleared unconditionally the acquisition of Com Hem by Tele2.75 Both operators provide telecommunications services in Sweden. Even though both companies are active in the provision of mobile telecommunications services, fixed internet access services and multiple play services, the Commission found that the transaction would raise no competition concerns because their activities are largely complementary: Com Hem's is mainly active in fixed telecommunications and TV, while Tele2 is mainly active in mobile telecommunications. Moreover, the Commission found that the merged entity would continue to face significant competition from other players such as Telia and Telenor, both active on all retail telecommunications markets in Sweden, as well as Tre, active on the retail mobile telecommunications market.

In December 2018, the Commission approved the acquisition of United Group by BC Partners.76 United Group provides telecommunications and media services in South East Europe. BC Partners is a private equity firm, which controls Intelsat, a global provider of satellite communications services. The transaction gives rise to a vertical relationship between the satellite pay-TV activities of United Group in South East Europe, and the Europe-wide wholesale satellite activities of Intelsat. The Commission concluded that the proposed acquisition would raise no competition concerns because Intelsat does not have market power in the wholesale market of satellite capacity and United Group is only one of the many customers active in the market.

In July 2019, the Commission approved the acquisition of DNA,77 a company providing mobile and fixed communications services, broadband internet services and TV distribution services in Finland, by Telenor ASA, which provides mobile and fixed telecommunications services and TV distribution services in the Nordic region. The Commission found that there are very limited horizontal overlaps between the companies' activities in the market for retail TV services in Finland and in the wholesale market for acquisition of TV channels. In addition, the Commission considered that a number of strong players would remain in each of the markets after the merger.

In July 2019, the Commission approved, subject to commitments, the acquisition by Vodafone of Liberty Global's cable business providing TV, broadband and phone services in the Czech Republic, Germany, Hungary and Romania.78 Following its Phase I investigation, the Commission had concerns that, in Germany, the transaction: (1) would eliminate the competitive constraint exerted by the merging companies on each other in the market for the retail supply of fixed broadband services, and (2) would increase the market power of the merged entity in the market for the wholesale supply of signal for the transmission of TV channels. The Commission considered that this could impact on the broadcasters' position, leading to quality degradation of the TV offer in Germany and hindering the broadcasters' ability to provide innovative services, such as OTT services.

To address the Commission's competition concerns, Vodafone committed, inter alia, to: (1) provide a remedy taker (Telefónica) with access to the merged entity's cable network in Germany, enabling the remedy taker to replicate the competitive constraint previously exerted by Vodafone; (2) refrain from contractually restricting the possibility for broadcasters that are carried on the merged entity's TV platform to also distribute their content via an OTT service; and (3) not to increase the fees paid by free-to-air broadcasters for the transmission of their linear TV channels via Vodafone's cable network in Germany.

In the media sector, in May 2019 the Commission opened an in-depth investigation to assess the proposed acquisition of Bonnier Broadcasting, a TV broadcasting company active primarily in Sweden and Finland, by Telia Company AB, a telecommunication operator that provide mobile and fixed telecommunications services as well as television services, among others, in Norway and Sweden.79

As a retail TV distributor, Telia Company licenses TV channels from TV broadcasters, such as Bonnier Broadcasting, to include them in its audiovisual offering. The proposed acquisition would therefore create a vertically integrated player in the audiovisual sector in Denmark, Finland, Norway, and Sweden. The Commission's competition concerns relate to the fact that: (1) Telia Company's competitors in TV distribution could be denied access to Bonnier Broadcasting's TV channels that are extremely important for consumers in Sweden and Finland; (2) the merged entity could deny access to TV advertising space on its free-to-air and basic pay TV channels to Telia Company's competitors in the markets for retail mobile telecommunication, fixed internet and TV services; and (3) the merged entity could deny access to its streaming application to customers using competing mobile and fixed internet providers. The case is currently pending.

In September 2019, the Commission cleared the acquisition of M7 Group, based in Luxembourg, by Canal +, controlled by the Bolloré Group and based in France.80 M7 Group is active in certain countries of the European Economic Area in the provision of retail pay television services, the broadcasting of television channels and the wholesale distribution of television channels. Canal + is active in the provision of pay-TV retail services in several countries worldwide (including France and Poland in the EEA), audiovisual content production and TV broadcasting. The Commission concluded that the proposed merger would not raise competition concerns, as there is limited overlap between the parties' activities.

As to antitrust enforcement, in March 2019 the Commission concluded the proceedings initiated against Google concerning the AdSense search advertising service, imposing a fine of €1.49 billion for abusive practices in online advertising.81

The Commission found that Google had abused its dominant position in the market for the brokering of online search adverts by imposing a number of restrictive clauses in contracts with third-party websites, which prevented Google's rivals from placing their search adverts on these websites.

In particular, the Commission maintained that, starting in 2006, Google included exclusivity clauses in its contracts for the provision of online search advertising intermediation services with publishers. On the basis of such clauses, publishers were allegedly prohibited from placing any search adverts from competitors on their search results pages. As of March 2009, Google gradually started replacing the exclusivity clauses with 'premium placement' clauses. These allegedly required publishers to reserve the most profitable space on their search results pages for Google's adverts. As a result, the Commission considered that Google's competitors were prevented from placing their search adverts in the most visible and clicked on parts of the websites' search results pages. As of March 2009, Google also included clauses allegedly requiring publishers to seek written approval from Google before making changes to the way in which any rival adverts were displayed. According to the Commission, this meant that Google could control how attractive, and therefore clicked on, competing search adverts could be ('relaxed exclusivity' strategy).

The Commission maintained that Google's rivals were not able to compete on the merits, either because there was a prohibition for them to appear on publishers' websites or because Google reserved for itself the most valuable commercial spaces on those websites, while at the same time controlling how rival search adverts could appear.

In March 2019, the Commission accepted the commitments offered by Disney, NBCUniversal, Sony Pictures, Warner Bros and Sky with regard to certain clauses contained in these studios' film licensing contracts for pay-TV with Sky UK.82

US film studios typically license audiovisual content to a single pay-TV broadcaster in each Member State. The contracts signed by these studios with Sky UK allegedly contained clauses that (1) required Sky UK to block access to the studios' films through its online pay-TV services or its satellite pay-TV services to consumers outside UK and Ireland (geo-blocking), or both, and (2) required some of the studios to ensure that broadcasters outside the UK and Ireland were prevented from making their pay-TV services available in the UK and Ireland.

According to the Commission, such clauses restrict the ability of broadcasters to accept unsolicited requests ('passive sales') for their pay-TV services from consumers located outside their licensed territory. The Commission had concerns that this may eliminate cross-border competition between pay-TV broadcasters and partition the EU's Single Market along national borders.

The Commission accepted the commitments consisting in, inter alia, not introducing contractual obligations that: (1) prevent pay-TV broadcasters from engaging in cross-border passive sales to consumers located outside the licensed territory (no 'broadcaster obligation'), and (2) require the studios to prevent other pay-TV broadcasters from engaging in passive sales to consumers located in the licensed territory (no 'studio obligation').


The new EECC, which entered into force on 20 December 2018, is meant to shape the future structure of the European telecommunications sector. The reform aims, inter alia, to boost the rollout of 5G networks, given that Europe is lagging behind Asia and America in this regard, and to create a level playing field between traditional telecommunications companies and OTT providers.

Antitrust enforcement in the past year confirmed the Commission's focus on investigating possible anticompetitive practices implemented by large companies active in high-tech markets.

Under the political guidelines for the new European Commission 2019–2024,83 the development of artificial intelligence remains a priority area for further action in the years to come, to be developed by prioritising investments in this field and proposing a legislation for a coordinated European approach on its human and ethical implications.


1 Marco D'Ostuni is a partner, Gianluca Faella is counsel and Manuela Becchimanzi is an associate at Cleary Gottlieb Steen & Hamilton LLP.

2 See Section III.iv.

3 See Directive 2001/29/EC of 22 May 2001, OJ 2001 L 111/16.

4 See Directive 2002/21/EC of 24 April 2002, OJ 2002 L 108/33.

5 See Regulation (EC) No. 1211/2009 of 25 November 2009, OJ 2009 L 337/1.

6 Proposal for a Regulation of the European Parliament and of the Council establishing the Body of European Regulators of Electronic Communications (BEREC) – COM(2016)591 (available at https://ec.europa.eu/digital-single-market/en/news/proposed-regulation-establishing-body-european-regulators-electronic-communications-berec).

7 Regulation (EU) No. 2018/1971 of 11 December 2018 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Agency for Support for BEREC (BEREC Office), amending Regulation (EU) No. 2015/2120 and repealing Regulation (EC) No. 1211/2009.

8 See Directive 2009/140/EC of 25 November 2009, OJ 2009 L 337/1.

9 See Directive 2009/136/EC of 25 November 2009, OJ 2009 L 337/1.

10 See State of the Union 2016: Commission paves the way for more and better internet connectivity for all citizens and businesses (available at http://europa.eu/rapid/press-release_IP-16-3008_en.htm).

11 Proposal for a Directive establishing the European Electronic Communication Code – COM(2016) 590 final (available at https://ec.europa.eu/digital-single-market/en/news/proposed-directive-establishing-european-electronic-communications-code).

12 See Directive (EU) No. 2019/790 of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC; Directive (EU) No. 2019/789 of 17 April 2019 laying down rules on the exercise of copyright and related rights applicable to certain online transmissions of broadcasting organisations and retransmissions of television and radio programmes; Regulation (EU) No. 2017/1563 of 13 September 2017 on the cross-border exchange between the Union and third countries of accessible format copies of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled; Directive (EU) No. 2017/1564 of 13 September 2017 on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled and amending Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society.

13 Directive 2010/13/EU of 10 March 2010, OJ 2010 L 95/1.

14 See Regulation of the European Parliament and the Council (EU) 2018/302 of 23 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers' nationality, place of residence or place of establishment within the internal market.

15 See Regulation of the European Parliament and of the Council (EU) 2017/1128 of 14 June 2017 on cross-border portability of online content services in the internal market (available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2017.168.01.0001.01.ENG).

16 The respective competences of the Commission and NCAs to assess mergers are defined on the basis of the turnover of the undertakings concerned (See Article 1.2 of Council Regulation (EC) No. 139/2004 (Merger Regulation), OJ 2004 L 24/1–22). However, a Member State may also review a concentration that falls within the competence of the Commission and adopt the measures needed to protect certain legitimate interests, including the plurality of the media (see Article 21.4 of the Merger Regulation).

17 Article 5 of Directive 2002/20/EC of 7 March 2002, OJ 2002 L 108/21 'Authorisation Directive'.

18 Regulation (EU) No. 2015/2120 of 25 November 2015, OJ 2015 L 310/1.

19 Regulation (EU) No. 2015/2120, Article 3.

20 Regulation (EU) No. 2015/2120, Paragraph 9.

21 The Regulation also includes a number of transparency measures for providers to ensure customer awareness of open internet access, and provides that national regulatory authorities have to monitor providers' compliance with the minimum service quality standards. Regulation (EU) No. 2015/2120, Articles 4 and 5.

23 Directive 2002/22/EC of 7 March 2002, OJ L 108.

24 Commission Recommendation of 20 September 2010, OJ 2010 L251/35.

25 Commission Recommendation 2013/466/EU of 11 September 2013 on consistent non-discrimination obligations and costing methodologies to promote competition and enhance the broadband investment environment, OJ L 251. The measure follows Commissioner Kroes' policy statement of July 2012 (available at http://europa.eu/rapid/press-release_MEMO-12-554_en.htm?locale=en).

26 The EoI model ensures that the incumbent's and competitors' downstream access products use exactly the same physical upstream inputs (e.g., same tie cables, same electronic equipment, same exchange space). Conversely, the equivalence of output model ensures that the access products offered by the incumbent to alternative operators are comparable to the products it provides to its retail division in terms of functionality and price, but they may be provided by using different systems and processes.

27 BEREC issued its Report on the Regulatory Accounting in Practice 2013, according to which data from NRAs generally confirmed the trend toward an increasingly consistent approach to regulatory accounting obligations among NRAs. The Report on the Regulatory Accounting in Practice 2018 confirms that the degree of consistent application of methodologies continues to be high among NRAs.

28 See Paragraph 192 of the EECC.

29 Directive 2000/31/EC.

30 See Section 4, Articles 12 to 15.

31 Cases C-70/10, Scarlet Extended v. SABAM; and Case C-360/10, Sabam v. Netlog NY. For more details on these judgments, see this chapter in the seventh edition of this publication.

32 Case C–314/12 UPC Telekabel Wien GmbH v. Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft mbH. For more details on this judgment, see this chapter in the ninth edition of this publication.

33 Case C-484/14, Mc Fadden v. Sony Music.

34 Case C-521/17, Coöperatieve Vereniging SNB-REACT U.A. v. Deepak Mehta.

35 See footnote 12.

36 Case C-131/12, Google Spain SL, Google Inc/Agencia Española de Protección de Datos, Mario Costeja González, Paragraphs 28 and 41. For more details on these judgments, see this chapter in the seventh edition of this publication.

37 The Directive grants individuals the right to obtain from the controller rectification, erasure or blocking of personal data (Article 12(b)) and to object to processing on compelling legitimate grounds (Article 14). The Court affirmed that these rights can also be invoked against search engines since 'it is the search engine operator which determines the purposes and means of that activity and [. . .] must, consequently, be regarded as the 'controller' in respect of that processing pursuant to Article 2(d)' (Paragraph 33).

38 C-136/17, G C and Others (Déréférencement de données sensibles); Case C-507/17, Google v. Commission nationale de l'informatique et des libertés (CNIL).

39 Communication on Tackling Illegal Content Online – Towards an enhanced responsibility of online platforms – COM (2017) 555 (available at https://ec.europa.eu/digital-single-market/en/news/communication-tackling-illegal-content-online-towards-enhanced-responsibility-online-platforms).

40 See Recommendation on measures to effectively tackle illegal content online – C (2018) 1177, available at https://ec.europa.eu/digital-single-market/en/news/commission-recommendation-measures-effectively-tackle-illegal-content-online.

41 Communication on Tackling online disinformation: a European Approach, COM (2018) 236, available at https://ec.europa.eu/digital-single-market/en/news/communication-tackling-online-disinformation-european-approach.

42 Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

43 Directive (EU) No. 2016/680 of 27 April 2016, OJ 2016 L 119/1.

44 Directive (EC) No. 1995/46 of 24 October 1995, OJ L281/1 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

45 See Recital 4 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

46 See Article 20 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

47 See Recital 71 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

48 See Recital 152 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

49 Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.

50 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner. For more details on this judgment, see this chapter in the seventh edition of this publication.

51 In the meantime, Article 26 of Data Protection Directive applies. The latter provides for some alternative grounds on which specific data transfers may take place absent an Article 25 adequacy decision. In particular, transfers may be carried out where the entity responsible for determining the purposes and means of the processing of personal data adduces appropriate safeguards, including contractual clauses binding the exporter and the importer of the data.

52 Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU–US Privacy Shield.

53 Case T-670/16, Digital Rights Ireland v. Commission.

54 Directive (EU) No. 2002/58 of 12 July 2016, OJ 2002 L201/1.

55 Directive (EU) No. 2016/1148 of 6 July 2016, OJ 2016 L194/1.

56 Joint communication on cybersecurity strategy of the European Union – JOIN(2013) 1 final (available at www.europarl.europa.eu/meetdocs/2009_2014/documents/join/com_join(2013)0001_/com_join(2013)0001_en.pdf).

57 Paul Waszin, Nauta Dutilh, 'Network and information security NIS: EU Strategy and Directive' (available at www.lexolosv.com/librarv/detail.asox?s=fbOffQ7d-09c8-4add-aa58-7daf780eSd6f).

59 Joint Communication to the European Parliament and the Council – Resilience, Deterrence and Defence: Building strong cybersecurity for the EU, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017JC0450&from=EN

60 Commission's DSM Strategy, Pillar III, Action 14.

61 See the Digitizing European Industry Q&A of 19 April 2016, available at http://europa.eu/rapid/press-release_MEMO-16-1409_en.htm.

62 European Parliament Research Service, Mapping the cost of Non-Europe, 2014–19.

63 The International Data Corporation, Uptake of Cloud in Europe: Follow-up of IDC Study on Quantitative estimates of the demand for Cloud Computing in Europe and the likely barriers to take-up, 2015.

64 Proposal for a Council Regulation on establishing the European High Performance Computing Joint Undertaking, COM (2018) 8, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2018:8:FIN.

65 See Communication on Building a European Data Economy (available at https://ec.europa.eu/digital-single-market/en/news/communication-building-european-data-economy).

67 Commission's DSM strategy, Pillar II, Action 9.

68 Summary report, Brussels, 9 June 2015 DG CONNECT/B4.

69 Proposal for a Decision on the use of the 470-790MHz frequency band in the Union – COM(2016) 043 final (available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2016%3A43%3 AFIN); see also the Commission press release available at http://europa.eu/rapid/press-release_IP-16-207_en.htm.

70 Decision of the European Parliament and of the Council of 17 May 2017 on the use of the 470–790MHz frequency band in the Union (available at http://data.consilium.europa.eu/doc/document/PE-5-2017-REV-1/en/pdf).

72 Directive (EU) No. 2018/1808 of 14 November 2018 amending Directive 2010/13/EU on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive) in view of changing market realities.

73 Directive (EU) No. 2018/1972 of 11 December 2018 establishing the European Electronic Communications Code.

74 Directive (EU) No. 2019/790 of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC.

75 Case M.8842, Tele2/Com Hem Holding.

76 Case M.9152, BC Partners/ United Group.

77 Case M.9379, Telenor/DNA.

78 Case M.8864, Vodafone/Certain Liberty Global Assets.

79 Case M.9064, Telia Company/Bonnier Broadcasting Holding.

80 Case M.9416, Bolloré Group / M7 Group.

81 Case 40411, Google AdSense.

82 Case AT.40023, Cross-border access to pay-TV.