Skip to Content

AI Policy & Governance, European Policy, Free Expression, Government Surveillance

EU Tech Policy Brief: December 2024

Welcome back to the Centre for Democracy & Technology Europe‘s Tech Policy Brief for the last edition of the year! This edition highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on the impact to digital rights. To sign up for CDT Europe’s AI newsletter, please visit our website.

Please do not hesitate to contact our team in Brussels: Laura Lazaro Cabrera, Silvia Lorenzo Perez, Aimée Duprat-Macabies, David Klotsonis, and Giulia Papapietro.

👁️ Security, Surveillance & Human Rights

Civil Society Strategises on Tackling Spyware

Spyware remains high on the EU agenda; in Poland, an arrest was recently made in relation to the governmental probe on the use of Pegasus. In this context, on 20 November, CDT Europe convened the Spyware coordination group to strategise on EU-level actions to tackle spyware. The discussion focused on key areas of regulation and advocacy, aiming to build consensus. Points of convergence included the need for definitions of key terms that can adapt to the rapid evolution of spyware technologies, and the strict prohibition of spyware use against journalists.

Photograph of Spyware Coordination Group Hybrid Workshop at CDT Europe’s Office.
Photograph of Spyware Coordination Group Hybrid Workshop at CDT Europe’s Office.

Participants also explored the potential of internal market regulation as a legal basis for addressing the commercial spyware market and industry. Insights from the European Media Freedom Act (EMFA) and the EU Cybersecurity Framework informed discussions, particularly regarding litigation strategies to challenge Article 4 implementation and leverage cybersecurity policies to mitigate spyware threats. 

The workshop highlighted the shared urgency of curbing spyware misuse through coordinated, impactful advocacy and legal action.

All Eyes on Member States’ Actions on Spyware

At the various Pall Mall Process meetings that took place on the sidelines of the Paris Peace Forum, CDT Europe’s Silvia Lorenzo Perez engaged in critical discussions where she highlighted the urgent need for coordinated global action on spyware. 

At a panel held by the Swedish government and Access Now, victims shared powerful testimonies on the devastating impact of spyware abuse. These accounts underscored the urgent need for robust regulatory action to protect human rights defenders. This meeting was followed by a multistakeholder roundtable focused on combating the spread of commercial spyware. 

The day concluded with a Pall Mall Process meeting to review measures aimed at preventing spyware proliferation globally. While governments recognise the dangers of spyware, translating concerns into enforceable legal frameworks remains a challenge. The EU now has a unique opportunity to lead, with Member States at the table tasked with driving critical reforms. With the Polish Presidency of the Council of the EU at the helm, the time is now for bold leadership to address spyware abuse and protect both national security and individual rights.

Recommended read: The Guardian, Ronan Farrow on surveillance spyware: ‘It threatens democracy and freedom”

 💬 Online Expression & Civic Space

Trusted Flaggers in the DSA: Challenges and Opportunities

Implementation of the Digital Services Act (DSA) is at a busy phase, with online platforms starting to release their first annual risk assessment and audit reports (CDT Europe and other CSOs published a joint letter on the process). Another crucial part of the regulation’s implementation rests with the Trusted Flagger Mechanism, which helps combat illegal content online by granting certified entities priority processing of flagged material. CDT Europe and EU DisinfoLab organised a webinar on the topic on 21 November, where over 30 participants, including civil society organisations (CSOs), Digital Services Coordinators, and the European Commission, explored current challenges and opportunities. The system faces significant hurdles, including resource constraints for CSOs applying for certification, misinformation campaigns undermining public trust in Trusted Flaggers, and low uptake due to complex, burdensome processes and unclear benefits. With only 15 certifications granted so far, the mechanism is underutilised. 

Some key recommendations from the event include:

  • Ensuring sustainable funding for CSOs to meet Trusted Flagger obligations’
  • Developing proactive communication strategies to counter misinformation and clarify the role of Trusted Flaggers to the wider public; and
  • Establishing a working group to harmonise practices, support applicants, and address challenges like application complexity.

In our full outcomes report blog, we identify key opportunities for CSOs.

A Human Rights-Centered Application of the DSA

CDT Europe’s Research and Policy Officer David Klotsonis joined a workshop in Vienna, organised by the DSA Human Rights Alliance and hosted by the Organisation for Security and Co-operation in Europe (OSCE). The event focused on exploring principles for a Global Human Rights-Centered application of the Digital Services Act. The participants discussed lessons from other jurisdictions and conflict zones to shape thoughtful DSA implementation, while considering the risks of applying the law to different regulatory environments without accounting for unique vulnerabilities. As the “Brussels Effect” continues to generate buzz, it’s crucial to unpack its real-world implications. How can laws, when removed from their original institutional context, unintentionally—or deliberately—undermine human rights? This workshop offered a timely platform for reflection, and was a source of important insights.

Online Gender-Based Violence: What Now?

Graphic with purple background and white text reading, "Online Gender-Based Violence in the EU: What Now?" Graphic also depicts woman standing in front of a laptop emitting emojis.
Graphic with purple background and white text reading, “Online Gender-Based Violence in the EU: What Now?” Graphic also depicts woman standing in front of a laptop emitting emojis.

Online gender-based violence (OGBV) continues to be a widespread and alarming issue, fueled by misogynistic narratives, that affects women in Europe and around the world. On the International Day for the Elimination of Violence against Women. and in the context of the 16 Days of Activism against Gender-Based Violence, CDT Europe highlighted the EU’s progress on the issue, such as the Directive on combating violence against women and the Digital Services Act. Despite these advancements, problems persist in ensuring the online space is free of this gendered harm. In our blog, we explored the obstacles ahead, emphasising the need for cultural change and effective implementation. 

Recommended read: The Verge, Meta says it’s mistakenly moderating too much 

⚖️ Equity and Data

An Ongoing Battle for Full Accountability for AI Harms

In our latest blog post, we reflected on persistent gaps in EU regulation that hinder accountability for AI-induced harms. Transparency, an inherent challenge for AI systems, is a crucial prerequisite to identifying harms. The AI Act goes some way towards ensuring a base level of transparency in some circumstances, but neglects the importance of procedural safeguards to ensure individuals’ legal access to remedies. This was never the AI Act’s intention, as it was conceptualised around the same time as the AI Liability Directive (AILD), a proposal that outlined basic steps towards easing procedural burdens for complainants in recognition of the hurdles posed by AI’s opaque functioning. Despite the AILD’s process-oriented nature and modest impositions, the draft law is struggling to get off the ground — even as the effective remedies issue in AI remains unaddressed. 

Making the Case for Robust European Regulation

Counsel and Programme Director for Equity and Data Laura Lazaro Cabrera speaks at Euronews’ Tech Summit.
Counsel and Programme Director for Equity and Data Laura Lazaro Cabrera speaks at Euronews’ Tech Summit.

In a debate hosted by Euronews as part of their Tech Summit on 4 December, CDT Europe’s Laura Lazaro Cabrera shared the stage with representatives from DG JUST and CEPS to discuss regulation for consumer protection in the digital age. In the discussion, Laura highlighted the importance of ensuring laws regulating tech include both substantive and procedural safeguards to truly guarantee robust consumer protection. She also noted the importance of challenging the false dichotomy between innovation and regulation, underscoring the value of high product standards and their essential role in preserving health, safety, and fundamental rights. She also questioned the false assumption that underperforming products falling short of robust standards would lead to Europeans missing out — rather, it’s companies that would be missing out on the European market should they fail to find ways to conform. 

Recommended read: The Guardian, Deus in machina: Swiss church installs AI-powered Jesus

🦋 Bluesky

We are on Bluesky! As more users join the platform (including tech policy thought leaders), we’re finding more exciting content, and we want you to be part of the conversation. Be sure to follow us at @cdteu.bsky.social! You can also follow our starter pack of EU tech journalists, to catch the latest digital news in the bubble. Find us also on Mastodon and LinkedIn.

⏫ Upcoming Events 

Liberal Forum Roundtable: On 10 December, our Equity and Data Programme Director Laura Lazaro Cabrera will participate to the the European Liberal Forum’s conference on “The Era of AI: Harnessing AI for Humanity”, bringing together MEPs, APAs, political advisors, civil society, academia, and corporate sector representatives to engage in Chatham House discussions on the role of the EU in advancing AI over the next mandate. 

Kofi Annan Foundation: On 11 December, Laura will speak at the “Comparative lessons from the EU and the US elections in the age of Artificial Intelligence” event organised by Democracy Reporting International (DRI) and the Kofi Annan Foundation (KAF) to reflect upon the risks and challenges generative AI represents for European democracy.