Karolina Mojzesowicz, Deputy Head, Data Protection Unit, the European Commission, said that the EU Commission is now considering whether additional legislation is needed for AI.
The EU Commission wants to consider all fundamental rights together. GDRP only addresses personal data – freedom of expression and non-discrimination are other aspects to take into account, she said.
On December 19, the EU Commission released its report on the second review of the EU-US Privacy Shield arrangement, the mechanism that allows for the transfer of data between the EU and the US. Overall, the Commission fins that the US authorities has taken steps to improve the functioning of the framework.
On January 24, the EU Data Protection Board gathering all EU data protection authorities announced that due to substantial shortcomings, the EU-US Privacy Shield risk could be struck down by the European Court of Justice later this year.
The European Commission, the European Parliament and the Council of the European Union reached an agreement earlier this month regarding changes to the Proposal for a Regulation on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology Cybersecurity Certification (the “Cybersecurity Act”).
The agreement empowers the EU Cybersecurity Agency (known as European Union Agency for Network and Information and Security, or “ENISA”) and introduce an EU-wide cybersecurity certification for services and devices.
Full article: Agreement on Proposal for Cybersecurity Act
On Wednesday evening, the UK government and European Commission announced that the UK and EU27 countries had reached a draft agreement on the terms of the UK’s withdrawal from the EU. That draft agreement, which is still to be ratified by the UK parliament and EU27 member states, was published alongside a number of other documents, including an outline of the political declaration on the future EU-UK relationship.
According to the political declaration, the Commission will assess UK data protection standards on the basis of the EU’s “adequacy framework” with a view to adopting an “adequacy” decision by the end of 2020. Over the same period, the UK will take steps to ensure comparable facilitation of personal data flows to the Union.
On November 9, 2018, the European Commission (“the Commission”) submitted comments to the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) in response to its request for public comments on developing the administration’s approach to consumer privacy.
In its comments, the Commission welcomes and agrees with many of the high-level goals identified by NTIA, including harmonization of the legal landscape, incentivizing privacy research, employing a risk-based approach and creating interoperability at a global level.
The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) has been given an overhaul to bring it into line with the General Data Protection Regulation. While Convention 108 is not an EU document, the European Commission sees the protocol as a way of encouraging “third countries” to adopt the basic tenets of the GDPR. This could be particularly interesting for the U.K., which will become a third country after Brexit.
EU and US officials have begun the second annual review of the Privacy Shield, an important framework that facilitates the free flow of personal data across the Atlantic for businesses.
The review will focus on the commercial aspects, notably on questions related to the oversight and enforcement of the Shield, and developments concerning the collection of personal data by US authorities for purposes of law enforcement or national security. The European Commission will publish its conclusions in a report end of November.
Competition regulators have a new cause célèbre: Big Tech’s use of data. From Europe’s top antitrust czar Margrethe Vestager announcing an investigation into Amazon last week over its potential abuse of digital information, to the U.S. Federal Trade Commission holding a public hearing in early November on big data and competition, officials are gearing up for a new round of antitrust battles.
The big question is what limits, if any, should policymakers place on the data empires at a time when companies from Amazon to Microsoft are searching for new business opportunities, including online groceries and gaming.
European Commission has warned Facebook it will face sanctions unless it changes what it calls its “misleading” terms and conditions. Facebook has been given until the end of the year to change its terms of service.
The commission acknowledged that Facebook had made some changes but said its terms and conditions remained problematic because Facebook “tells consumers that their data and content is used only to improve their overall ‘experience’ and does not mention that the company uses these data for commercial purposes”.