Skip to Content

AI Policy & Governance, European Policy, Free Expression, Government Surveillance, Privacy & Data

EU Tech Policy Brief: March 2023

Also authored by CDT Europe’s Vânia Reis and Rachele Ceraulo

This is the March 2023 issue of the Centre for Democracy & Technology Europe‘s monthly Tech Policy Brief. It highlights some of the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them. Our aim is to help shape policies that advance our rights in a digital world. Please do not hesitate to contact our team in Brussels: Iverna McGowanAsha Allen, and Ophélie Stockhem.

CDT Warns Against Human Rights Risks of Facial Recognition AI Tech in Policing and Immigration

On 10 February, CDT Europe published a new briefing paper that analyses how the EU’s Artificial Intelligence Act addresses the human rights risks raised when law enforcement and immigration authorities use facial recognition technologies.

The brief highlights how the current draft of the AI Act fails to provide sufficient safeguards against the human rights risks that arise when law enforcement uses facial recognition AI systems, especially for at-risk and marginalised groups. It also raises strong concerns about the Council of the European Union’s general approach, which extends the already broad range of situations in which law enforcement can use untargeted biometric identification AI systems — facial recognition systems that scan all faces that appear within a video feed, and identify any individuals that match a watchlist, database, or some other collection of facial images, rather than identifying a single, discrete individual in an image.

The brief lays out a set of recommendations for how EU institutions should approach the upcoming interinstitutional negotiation with human rights compliance in mind. Specifically, it advises the European Parliament to advocate for a ban on untargeted uses of real-time remote biometric identification in publicly accessible spaces, and oppose the Council’s extended list of exceptions. It further cautions about unnecessary and disproportionate uses of targeted biometric scanning by law enforcement authorities, and criminal procedural requirements including the right to be presumed innocent. Finally, it recommends that the Parliament adopt a strong negotiating mandate that protects human rights, in particular those of the most at-risk and vulnerable groups, such as ‘people on the move’.

CDT Joins Euractiv to Talk Remaining Questions around DSA Implementation 

On 17 February, Asha Allen — CDT Advocacy Director for Europe, Online Expression & Civic Space — participated in a Euractiv podcast discussion on unsettled questions around implementation of the Digital Services Act that should be addressed as the EU develops  ‘delegated acts’ that supplement the legislation, and avenues for remedying potential regulatory gaps. She was joined by Luca Bertuzzi, Technology Editor at Euractiv, and Mathias Vermeulen, AWO’s Public Policy Director.

Drawing from CDT’s last report, Allen highlighted the importance of independent researcher access to data, and the concurrent need to protect against potential misuses of the DSA’s transparency obligations by law enforcement agencies or maligned actors. While the EU has strong legal protections that should prevent unjustified law enforcement access to data,  law enforcement could still attempt to compel access to data shared with researchers directly and take advantage of researchers who lack knowledge of their obligations under GDPR to protect any data shared with them. She recommended that researchers be granted protections that prevent authorities from gaining direct or indirect access to data in this way, and that a regime be established that precludes law enforcement from qualifying for researcher status. 

Allen also expressed her concerns about the ways the DSA empowers law enforcement agencies; the legislation designates them as ‘trusted flaggers’ of online content, and also allows them to issue orders against illegal content and for information on users. She reiterated that strong rule of law safeguards must be put in place to prevent potential human rights abuses, and stressed that regulators should recognise the crucial role civil society plays in holding platforms and government agencies to account and ensuring that human rights are protected throughout implementation of the DSA. 

CDT Europe Joins the Digital Policy Leadership Summit  

On 15 and 16 February, CDT’s Europe Director, Iverna McGowan, and CDT’s Advocacy Director for Europe, Asha Allen, joined the Digital Policy Leadership Summit. Organised by Aspiration, the two-day event brought nonprofits and activists together in a space for knowledge sharing, peer support, and relationship-building in Europe to improve and strengthen the digital policy leaders’ community.

Participants aimed to conceptualise a diverse, inclusive, and intersectional vision of leadership, and to build a strategic approach for fundamental rights and social justice in digital policy. In this context, CDT shared ideas on how to ensure that human rights are placed at the heart of EU tech policy.

CDT Speaks to BBC on Disclosure of User Numbers as a Step Forward for Implementing the DSA

Smartphone that shows 5 applications on the screen, with the EU flag in the background (Source: BBC ‘Business Matters’).
Smartphone that shows 5 applications on the screen, with the EU flag in the background (Source: BBC ‘Business Matters’).

On 17 February, Asha Allen joined the BBC’s ‘Business Matters’ podcast to discuss the long-awaited deadline for Very Large Online Platforms (VLOPs) to disclose their average monthly user numbers, as required by the EU’s Digital Services Act (DSA). The disclosure will help regulators determine which entities qualify as VLOPs and Very Large Online Search Engines (VLOSEs) under the DSA.   

Allen welcomed this step and outlined the potential global influence of DSA — the so-called ‘new constitution’ for the internet — and its ‘Brussels effect‘ potential in regulating the digital ecosystem. She also highlighted the extensive obligations for online services under the regulation, the roles and responsibilities of national and European regulators, and the available enforcement measures which all together could mark a paradigm shift for online content governance.  

She noted that the more extensive due diligence obligations for VLOPs and VLOSEs are important for providing more transparency to individuals and users about the online platforms they engage in. Though at the time of broadcast not all online platforms had declared how many  average monthly users they have, Allen expressed the hope that more online platforms would seize the opportunity to take a primary step towards increased transparency, and not adopt an oppositional tone towards the DSA’s requirements. 

CDT Europe Attends UNESCO’s Trust Conference

Unesco event visual featuring Asha Allen and other panellists, with names of the participating organisations and companies, and a green, blue, white coloured background with a picture of the planet.
Unesco event visual featuring Asha Allen and other panellists, with names of the participating organisations and companies, and a green, blue, white coloured background with a picture of the planet.

On 21 February, CDT Europe’s Asha Allen joined UNESCO’s ‘Internet for Trust’ Conference, an international gathering of stakeholders to discuss the draft global guidelines for regulating digital platforms that aim to improve the reliability of information and protect freedom of expression and human rights.

Speaking at a roundtable discussion on how to ensure effective implementation of these guidelines, Allen emphasised the need to recognise some of the broader implementation challenges, such as the power imbalance between platforms and governments on one hand, and on the other, the comparative lack of power of civil society, users of services, and rights holders . 

Allen also presented the findings of CDT’s Defending Data report, which recommends ways to prevent unjustified law enforcement access to data, to implement a tiered approach to data access and data and privacy protections, and to empower an independent advisory body to assist in overseeing such provisions. 

Allen also insisted that national and European regulatory bodies must be independent, in order to ensure that researchers and civic actors are not prevented from engaging in due diligence oversight, especially in areas where democracy has been weakened. She concluded that a clear legislative framework and meaningful due diligence obligations are crucial to ensure a strong regulatory landscape.

Most importantly, to ensure effective enforcement that is guided by a human-rights centric approach, civil society must be involved as a formal and equitable partner in developing and overseeing these frameworks.