Commission

Subscribe to Commission

On 19 February 2020, the European Commission published details of its data strategy (here), the aim of which is to “create a single European data space – a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.”

The European Data Protection Supervisor (EDPS) published its opinion on the data strategy on 16 June 2020 (here). In essence, the EDPS supports the Commission’s commitment to develop the strategy in full compliance with the General Data Protection Regulation (GDPR) and European fundamental rights and values, including the right to the protection of personal data provided under Article 8 of the Charter of Fundamental Rights of the EU. However, the EDPS took the opportunity in its opinion to remind the Commission of a few specific areas of EU data protection law which it will need to consider in relation to some of the proposals set out in the strategy.Continue Reading EDPS opines on the Commission’s data strategy

On 18 December 2018, the European Commission published draft ethics guidelines for trustworthy AI. The guidelines are voluntary and constitute a working document to be updated over time. The guidelines have been opened up to a stakeholder consultation process.

The guidelines recognise that there are benefits to be gained from AI, but that humankind can only reap the benefits if we can trust the technology (in other words, that the technology contains trustworthy AI). An overarching principle in the guidelines is that AI should be human-centric, with the aim of increasing human well-being.

Trustworthy AI is defined as having two components:

  1. respect for fundamental rights, ethical principles and societal values – an “ethical purpose”, and
  2. be technically robust and reliable.

The guidelines set out a framework for implementing and operating trustworthy AI, aimed at stakeholders who develop, deploy or use AI.Continue Reading Draft ethics guidelines for trustworthy artificial intelligence published by the European Commission

On 25 May 2018 the European Data Protection Board (EDPB) formally replaced the Article 29 Working Party as the European advisory committee on data protection issues. In addition to taking over Article 29 Working Party’s responsibilities in issuing guidelines, recommendations and statements of best practice, the EDPB, which operates as an independent body of the European Union with its own separate legal personality, also takes on a far broader set of responsibilities:

  • examining – on its own initiative or on the request of one of its members or the European Commission (Commission) – any question covering the application of the GDPR;
  • advising the Commission on any issue related to data protection in the EU, including on any proposed amendment of the General Data Protection Regulation (GDPR) and any EU legislative proposal;
  • advising the Commission on the format and procedures for the exchange of information in the framework of the Binding Corporate Rules;
  • providing the Commission with an opinion on the assessment of the adequacy of the level of protection in a third country;
  • providing opinions on draft decisions of the supervisory authorities; and
  • issuing binding decisions in certain instances, mostly about dispute resolution among supervisory authorities.

In its first plenary meeting, which took place on 25 May 2018, the EDPB agreed the final version of Guidelines 2/2018 on the derogations under Article 49 GDPR in the context of international data transfers (Article 49 Guidelines), as well as a set of draft Guidelines 1/2018 on certification in accordance with Articles 42 and 43 GDPR (Certification Guidelines).Continue Reading European Data Protection Board replaces Article 29 Working Party

Last month, the European Commission (Commission) announced plans to bolster the future of artificial intelligence (AI) across the bloc. In a paper on ‘Artificial Intelligence for Europe’, the Commission proposed a three-pronged approach to: (i) increase public and private investment in AI; (ii) prepare for socio-economic changes; and (iii) ensure an appropriate ethical and legal framework for AI. This blog will look at what AI is and the Commission’s proposed strategy.

What is AI?

The Commission defines AI as “systems that display intelligent behaviour by analysing their environment and taking actions – with some degree of autonomy – to achieve specific goals”. AI can be software-based, in the virtual world (such as image-analysis software, search engines or recognition systems) or embedded in hardware (for example, self-driving cars, Internet of Things applications, and advanced robots).

AI is increasingly prominent in our society and used on a near daily basis by most people. Many AI technologies utilize data to improve their performance and guide automated decision-making. The number of technological and commercial AI applications continues to increase, enabling AI to have a transformative effect on society as a whole.Continue Reading European Commission outlines plans to boost artificial intelligence

On 28 February 2018, Andrus Ansip, the European Commission (Commission) Vice President and commissioner responsible for the Digital Single Market strategy, commented that all companies should be able to monetise user data, in the same way that social media companies do. Mr Ansip’s comments reflect the aims of the General Data Protection Regulation (GDPR) to harmonise regulation and protection across the European Union (EU). On a related theme, the Commission also published guidance earlier this year on the direct application of the GDPR.

Mr Ansip’s comments

Mr Ansip commented to CNBC that the Commission has to protect traditional media, and that the aim of the EU was to create a “more equal playing field between telecoms operators and social media platforms”. Mr Ansip highlighted what he perceives to be the unfairness in the data economy: “[s]ome players can use data they have and some other players are regulated, practically it is impossible to use the data they have in their hands … it will be normal when, on the basis of people’s consent, all the players can monetize the data they have.”Continue Reading European Commission VP comments on harmonisation and monetising user data, and guidance on the direct application of the GDPR is issued

Today, the Federal Trade Commission released detailed guidance on privacy in the mobile environment – at the same time it announced its largest-ever settlement with an app developer for alleged privacy violations. Combined with aggressive action on mobile privacy issues by the California attorney general’s office, Mobile Privacy Disclosures provides every company associated with

This post was also written by Amy Mushahwar.

The Federal Energy Regulatory Commission (FERC) issued an order on July 20, 2012 to investigate whether any Authorized Certification Authorities (ACAs) had violated the North American Energy Standards Board (NAESB) Public Key Infrastructure (PKI) Standards, which outline various security requirements and specifications for the electric grid.

This post was written by Cynthia O’Donoghue.

In the Article 29 Working Party’s Opinion on the new EU data protection reforms, the Working Party has carefully studied both the Regulation and the Directive, and has given its first general reaction. The Working Party welcomed the provisions intended to clarify and strengthen the rights of

This post was written by Nick Tyler. 

The European Commission today completed its task of reforming the EU Data Protection Directive by sending a draft Regulation to the European Parliament. The draft Regulation contains comprehensive reforms and seeks to harmonise data protection laws across the 27 EU Member States, and to enhance EU citizens’ privacy