Privacy Community

Today, the Commission has adopted a new strategy on Web 4.0 and virtual worlds to steer the next technological transition and ensure an open, secure, trustworthy, fair and inclusive digital environment for EU citizens, businesses and public administrations.

The internet is evolving at an extremely fast pace. Beyond the currently developing third generation of the internet, Web 3.0, whose main features are openness, decentralisation, and user full empowerment, the next generation, Web 4.0, will allow an integration between digital and real objects and environments, and enhanced interactions between humans and machines.

...

[continue reading on the source web page]

It’s good news that the European Commission is now considering the value and needs of Open Source in its policy deliberations. What’s not as good is that it does so through the wrong lens. The Commission needs to extend its consultations, Expert Groups and other work to include and consider the fourth sector.

...

[continue reading on the source web page]

On 10 July, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU - for personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework.

The adequacy decision follows the US' signature of an Executive Order on ‘Enhancing Safeguards for United States Signals Intelligence Activities', which introduced new binding safeguards to address the points raised by Court of Justice of the European Union in its Schrems II decision of July 2020. Notably, the new obligations were geared to ensure that data can be accessed by US intelligence agencies only to the extent of what is necessary and proportionate, and to establish an independent and impartial redress mechanism to handle and resolve complaints from Europeans concerning the collection of their data for national security purposes.

...

[continue reading on the source web page]

New Trans-Atlantic Data Privacy Framework largely a copy of "Privacy Shield". noyb will challenge the decision.

Third attempt of the European Commission to get a stable agreement on EU-US data transfers will be likely back at the Court of Justice (CJEU) in a matter of months. The allegedly "new" Trans-Atlantic Data Privacy Framework is largely a copy of the failed "Privacy Shield". Despite the European Commission's public relations efforts, there is little change in US law or the approach taken by the EU. The fundamental problem with FISA 702 was not addressed by the US, as the US still takes the view that only US persons are worthy of constitutional rights.

...

[continue reading on the source web page]

EU countries have taken sides on the measures in support of innovation in the upcoming AI rulebook.

The AI Act is a landmark proposal to regulate Artificial Intelligence based on its potential to cause harm. The draft law is at the last phase of the legislative process, the so-called trilogues between the EU Council, Parliament and Commission.

The next trilogue is scheduled on 18 July, with the EU policymakers set to agree on some of the most controversial parts of the text, notably on the part related to innovation measures, where the positions of the co-legislators are complementary rather than conflictual.

The Spanish Presidency of the EU Council of Ministers, which will represent member states in the negotiations, circulated an options paper on this part of the text, seen by EURACTIV, that was discussed last Wednesday (5 July) at the Telecom Working Party, a technical body of the Council.

...

[continue reading on the official source]

Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards.

The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access. The new framework introduces significant improvements compared to the mechanism that existed under the Privacy Shield. For example, if the DPRC finds that data was collected in violation of the new safeguards, it will be able to order the deletion of the data. The new safeguards in the area of government access to data will complement the obligations that US companies importing data from EU will have to subscribe to.

...

[you can complete reading on the official website]

Today, Meta is launching its new microblogging platform called Threads. What is noteworthy about this launch is that Threads intends to become part of the decentralized social web by using the same standard protocol as Mastodon, ActivityPub. There’s been a lot of speculation around what Threads will be and what it means for Mastodon. We’ve put together some of the most common questions and our responses based on what was launched today.

...

(read more on the official web page)

Intervista a uno dei padri dell'AI. "Essere intelligenti non vuol dire avere voglia di dominare. Il mito della superintelligenza cattiva deriva dal fatto che una macchina intelligente sia proprio come noi. Ma non è così"

"L'Intelligenza artificiale ci porterà verso un nuovo umanesimo. Accrescerà l'intelligenza di tutti, non solo quella delle macchine. Perché alcuni esperti sono allarmati? Hanno una visione semplicistica delle conseguenze". Yann LeCun è considerato uno dei padri dell'Intelligenza artificiale. Autore di saggi e articoli considerati oggi la Bibbia di chi si occupa di apprendimento automatico delle macchine, è professore della New York University, capo della divisione Intelligenza artificiale. I suoi studi gli sono valsi il massimo riconoscimento del settore: il Premio Turing nel 2018. La sua visione sull'Ai e sull'impatto che avrà sulle nostre società sono ampiamente condivise in ambito accademico. Lunedì ha ricevuto la laurea ad honorem dell'Università di Siena per il contributo fondamentale alla ricerca nel campo dell'intelligenza artificiale. È interventuo all’evento SAIConference di Siena, un incontro dedicato all’Intelligenza Artificiale realizzato da SAIHub (Siena Artificial Intelligence Hub). E sulle norme decise dall'Unione europea per regolamentare l'Ai non ha dubbbi: "Sbagliato decidere leggi sull'Ai. Diverso è se si parla di come viene applicata". Sull'Intelligenza artificiale si è aperto un ampio dibattito tra accademici, imprenditori del settore e più in generale tra l'opinione pubblica. Rischi, opportunità, paure e speranze.

...

Today, the Commission proposes a new law to streamline cooperation between data protection authorities (DPAs) when enforcing the General Data Protection Regulation in cross-border cases. The new regulation will set up concrete procedural rules for the authorities when applying the GDPR in cases which affect individuals located in more than one Member State. For example, it will introduce an obligation for the lead Data Protection Authority to send a ‘summary of key issues' to their counterparts concerned, identifying the main elements of the investigation and its views on the case, and therefore allowing them to provide their views early on. The proposal will contribute to reduce disagreements and facilitate consensus among authorities since the initial stages of the process.

For individuals, the new rules will clarify what they need to submit when making a complaint and ensure that they are appropriately involved in the process. For businesses, the new rules will clarify their due process rights when a DPA investigates a potential breach of the GDPR. The rules will therefore bring swifter resolution of cases, meaning quicker remedies for individuals and more legal certainty for businesses. For data protection authorities, the new rules will smoothen cooperation and enhance efficiency of enforcement.

...

1. Proposal for a regulation laying down additional procedural rules relating to the enforcement of GDPR
2. Annex - Proposal for a regulation laying down additional procedural rules relating to the enforcement of GDPR

The European Commission presented on Tuesday (4 July) a legislative proposal to harmonise certain aspects of national procedural rules to speed up cross-border cases under the General Data Protection Regulation (GDPR).

The reform was requested by the chair of the European Data Protection Board (EDPB), the body that gathers all EU data protection authorities, which pointed out several discrepancies in the national legal framework that prevented smooth cooperation among data regulators.

The draft law touches upon complaints over alleged data protection breaches, the procedural rights of parties under investigation, intra-authority cooperation and dispute resolution.

...

Yesterday, Monday 3 July, was the deadline for large, systemic digital platforms to notify the Commission that they meet the thresholds to qualify as gatekeepers under the Digital Markets Act (DMA).

The companies, operating on our EU digital market, who declared meeting the thresholds are:

• Alphabet
• Amazon
• Apple
• ByteDance
• Meta
• Microsoft
• Samsung

...

The topics of AI definition, high-risk classification, list of high-risk use cases and the fundamental rights impact assessment will be on the table of the Council this week as the Spanish presidency prepares to dive headfirst into negotiations.

Spain has taken over the rotating presidency of the EU Council of Ministers on 1 July. On top of its digital priorities, Madrid seeks to reach a political agreement on the AI Act, a landmark legislation to regulate Artificial Intelligence based on its potential to cause harm.

The Spanish presidency circulated a document, dated 29 June and seen by EURACTIV, to inform an exchange of views on four critical points of the AI rulebook on Wednesday (5 July) at the Telecom Working Party, a technical body of the Council.

The discussion will inform the position of the presidency in the next negotiation session with the EU Council, Parliament and Commission, so-called trilogues, on 18 July.

...

As the European Parliament debates how European health data space should be shaped, the co-rapporteur of the file has warned that the agreements regarding the secondary use of data were the hardest to reach.

Over a year has passed since the Commission proposed European health data space (EHDS), a new legislative proposal with ambitions to make a true revolution in health data and unleash its full potential for all stakeholders – from patients and healthcare professionals to policymakers and researchers.

Therefore the Parliament is running through more than a 100 page-document, aiming to empower EU citizens to better control their health data, unleash the market potential and set up the framework for data reuse while ensuring the protection of this highly sensitive data.

...

On 14 June 2023, President Bola Tinubu signed the Nigeria Data Protection Act, 2023 into law, with the aim of addressing the critical need for data protection in the country.

In recent years, Nigeria has been criticised for failing to pass a data protection law while many other African countries have successfully done so. Instead, the country previously relied on the Nigeria Data Protection Regulation, 2019 (NDPR), released by the National Information Technology Development Agency (NITDA), which has now been replaced by the Data Protection Act. Several sections of the Act focus on the safeguards required during the processing of personal information. Section 24 of the Act emphasises the principles governing the processing of personal data and mandates data controllers and processors to collect data lawfully and process it securely. Section 25 provides the lawful basis for personal data processing, requiring the consent of the data subject for specific purposes. The legislation further outlines the rights of data subjects in sections 34 – 37, ensuring that individuals have control over their personal information. The Act prohibits the cross-border transfer of personal data, except when legally permitted, and enhances accountability by mandating all data controllers and processors who are considered of “significant importance” to register with the regulatory authority within six months of the law’s commencement.

...

BRUSSELS ― When the European Commission unveiled draft legislation paving the way for a digital version of the euro, its jitters over how to allay privacy concerns were only too apparent.

“This is not a Big Brother project,” Finance Commissioner Mairead McGuinness told reporters on Wednesday after presenting what, if it becomes a reality, will be a virtual extension of euro banknotes and coins and which will settle payments across the eurozone in seconds.

Supporters say the digital euro goes beyond providing a public good and will ensure the currency and European Central Bank remain relevant in a digital economy, where cryptocurrencies circulate and big tech companies dream of printing their own money.

...

Industrial manufacturers in Europe sense the opportunity of big data — but Brussels is about to change the rules on how to tap into it.

European Union legislators struck a deal Tuesday evening on a landmark bill that aims to regulate who can access and share data generated by connected machines and devices, both on the work floor and at home.

The new law is a response to the untapped potential of industrial data in Europe, as 80 percent of machine or device-generated data is never used. The slow pace of its data economy is a threat to Europe’s industrial base — where the Continent still holds considerable sway — and data will be key for the deployment of artificial intelligence technologies in coming years.

...

EU policymakers reached a political agreement on the Data Act in the late hours of Tuesday (27 June).

The Data Act is a landmark legislation meant to remove barriers to the circulation of non-personal data by regulating the rights and obligations of all economic actors involved in producing and consuming Internet of Things products – connected devices capable of collecting and sharing data.

With Tuesday’s agreement, the EU Council, Parliament and Commission bridged their differences on the most important aspects of the data law that is now set for formal adoptions as the text is fine-tuned at the technical level in the coming days.

“The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules. It will create a thriving data economy that is innovative and open, but on our European conditions,” EU Commissioner Thierry Breton said.

...

The Commission welcomes the political agreement reached today between the European Parliament and the Council of the EU, on the European Data Act, proposed by the Commission in February 2022.

Today, the Internet of Things (IoT) revolution fuels exponential growth with projected data volume set to skyrocket in the coming years. A significant amount of industrial data remains unused and brimming with unrealised possibilities.

The Data Act aims to boost the EU's data economy by unlocking industrial data, optimising its accessibility and use, and fostering a competitive and reliable European cloud market. It seeks to ensure that the benefits of the digital revolution are shared by everyone.

Concretely, the Data Act includes:

• Measures that enable users of connected devices to access the data generated by these devices and by services related to these devices. Users will be able to share such data with third parties, boosting aftermarket services and innovation. Simultaneously, manufacturers remain incentivised to invest in high-quality data generation while their trade secrets remain protected.
• Measures to provide protection from unfair contractual terms that are unilaterally imposed. These aim to safeguard EU companies from unjust agreements, fostering fair negotiations and enabling SMEs to participate more confidently in the digital marketplace.
• Mechanisms for public sector bodies to access and use data held by the private sector in cases of public emergencies such as floods and wildfires, or when implementing a legal mandate where the required data is not readily available through other means.
• New rules that grant customers the freedom to switch between various cloud data-processing service providers. These rules aim to promote competition and choice in the market while preventing vendor lock-in. Additionally, the Data Act includes safeguards against unlawful data transfers, ensuring a more reliable and secure data-processing environment.
• Measures to promote the development of interoperability standards for data-sharing and data processing, in line with the EU Standardisation Strategy.

Next Steps

...

Brussels, 21 June - During its latest plenary, the EDPB has adopted a template complaint form to facilitate the submission of complaints by individuals and the subsequent handling of complaints by Data Protection Authorities (DPAs) in cross-border cases.

EDPB Chair, Anu Talus said: “The template is one of the commitments the EDPB Members made during their high-level meeting of April 2022 in Vienna to boost enforcement cooperation among DPAs. It will facilitate the cross-border exchange of information regarding complaints between DPAs and will help DPAs save time and resolve cross-border cases more efficiently."

The template takes into account existing differences between national laws and practices. DPAs will use it on a voluntary basis and can adapt it to their respective national requirements.

...

The European Parliament adopted its position on the AI rulebook with an overwhelming majority on Wednesday (14 June), paving the way for the interinstitutional negotiations set to finalise the world’s first comprehensive law on Artificial Intelligence.

The AI Act is a flagship initiative to regulate this disruptive technology based on its capacity to cause harm. It follows a risk-based approach, banning AI applications that pose an unacceptable risk and imposing a strict regime for high-risk use cases.

...

On Wednesday, the European Parliament adopted its negotiating position on the Artificial Intelligence (AI) Act with 499 votes in favour, 28 against and 93 abstentions ahead of talks with EU member states on the final shape of the law. The rules would ensure that AI developed and used in Europe is fully in line with EU rights and values including human oversight, safety, privacy, transparency, non-discrimination and social and environmental wellbeing.

...

The agreement among the leading groups in the European Parliament on the AI regulation is dead, opening the door for amendments from both sides of the aisle.

The AI Act is a landmark legislation to regulate Artificial Intelligence based on its potential to cause harm. The European Parliament is set to vote on the legislative proposal on 14 June, as the deadline for tabling amendments passed on Wednesday (7 June).

At the end of April, the four main political parties agreed that they would not table alternative amendments, with the partial exception of the European People’s Party (EPP), which was granted some flexibility on the issue of remote biometric identification.

...

Abbiamo aggiornato le nostre Privacy Resources https://www.privacyresources.eu/ @privacyresources
con l'ultimo documento pubblicato dall'#EDPB, in particolare le "Linee guida 04/2022 sul calcolo delle sanzioni amministrative pecuniarie ai sensi del GDPR".
#privacy #protezione dei dati #GDPR
@privacy

We updated our Privacy Resources https://www.privacyresources.eu/ @privacyresources
with the latest document published by the #EDPB, particularly the "Guidelines 04/2022 on the calculation of administrative fines under the GDPR".
@privacy #privacy #dataprotection #GDPR