EU Tech Policy Brief: September 2020 Recap

This is the September 2020 recap issue of CDT’s monthly EU Tech Policy Brief. It highlights some of the most pressing technology and internet policy matters under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on them.

Iverna McGowan named Director of CDT’s Europe Office

CDT is pleased to announce that Iverna McGowan joins the organisation today as Director of the Europe Office. McGowan is recognised as a prominent leader in human rights advocacy in the EU, and champions placing international human rights standards at the core of technology law and policy. She comes to CDT from the United Nations Human Rights Office of the High Commissioner (UN Human Rights, OHCHR), where she led efforts to protect online civic space. 

“CDT has developed an international reputation as a resource for thoughtful analysis on how to protect human rights in a digital world. I am excited to join and grow its Europe team,” says McGowan. 

“Europe is at a crucial juncture, debating law and policies that could make or break democracy. With its multistakeholder approach, and in-depth expertise built over its decades-long work on technology and society, CDT is well poised to weigh in on these debates and be a powerful guardian of the public interest.” 

Read the related press release and blog post from CDT’s President & CEO, Alexandra Givens, for more information.

CDT’s US team holds annual Tech Prom in virtual space

CDT was pleased to organize its 2020 Virtual Tech Prom after the COVID-19 pandemic forced cancellation of the original event in April. Tech Prom is CDT’s only fundraising event, where CDT staff and guests renew bonds of friendship, professional camaraderie, and have the opportunity to learn from subject matter experts in a variety of fields.

The virtual version convened the full audience at the beginning for remarks by Alexandra Givens, Ford Foundation President & CEO Darren Walker, and U.S. Senator Ron Wyden. The group then divided into smaller breakout rooms for more intimate conversations on key issues in tech policy today such as racial justice and technology policy, complex challenges raised by content moderation, addressing algorithmic bias in policy, election security, and much more.

CDT is deeply grateful to the attendees and supporters of this event, allowing CDT to continue its work during this vital and active time for technology policy, including significant work responding to the COVID-19 pandemic.

CDT submits comments to the European Commission’s AI impact assessment

CDT filed brief comments in response to the European Commission’s AI Impact Assessment, in which the Commission sought feedback on how it should approach the regulation of artificial intelligence applications. CDT suggested a hybrid approach to regulation, urging the Commission to clarify where existing law might be brought to bear in situations involving AI. We also encouraged the Commission to further refine the principles expressed in “soft law” documents, such as the Ethics Guidelines for Trustworthy AI, so that practitioners are better able to develop and use applications in accordance with high-level guidelines. The Commission must further refine its regulatory approaches by being more precise, for example by specifying in greater detail which uses of AI applications it wishes to address through regulation. 

CDT responds to the public consultation on the Digital Services Act

CDT’s EU Office (CDTEU) responded to the European Commission’s consultation on the Digital Services Act (DSA). In its responses, CDT focuses on its core mission to strengthen individual rights and freedoms in the digital age. We emphasize the importance of maintaining a clear and strong intermediary liability framework at the heart of the DSA, and recommend specific improvements and clarifications to secure a harmonised, transparent rights-protective notice-and-action framework. We urge the Commission to maintain the prohibition against general monitoring obligations, put forward recommendations for the functioning of companies’ content moderation systems (including automated tools), and provide advice for increasing transparency from both companies and governments.

Moreover, we discuss issues of fair competition in the market, the importance of the enforcement of data protection rules, the importance of setting the right rules and ensuring transparency of online advertising, and raise a number of points about the possibilities of enforcement and governance arrangements for digital services.

CDT responds to the public consultation on the European Democracy Action Plan

In addition to our submission to the DSA public consultation, we responded to the European Commission’s consultation on the European Democracy Action Plan (EDAP). The EDAP is one of the political priorities of von der Leyen’s Commission. Topics covered include manipulation and external interference in elections, media freedom and pluralism, and the fight against disinformation. In our response, we warn the Commission against the risks related to defining “political ads” and advocate for clear transparency measures on all kinds of ads. Transparency will be a key element to enable watchdogs such as public authorities mandated to uphold electoral law and enforce electoral safeguards.

In relation to the use of personal or demographic data to microtarget individual voters, we recommend more robust enforcement of the General Data Protection Regulation (GDPR), as well as further reflection on the need to make users more aware and in control. Moreover, we discuss the importance of ensuring that any new regulations for online campaigns comply with applicable EU and international laws and do not disproportionately restrict human rights. Finally, we discuss the role of selected content moderation practices in tackling disinformation or harmful content, and reiterate some key points from our DSA submission such as the need for creating a harmonised, transparent, rights-protective notice-and-action framework.

FDPIC says Swiss-U.S. Privacy Shield does not provide adequate level of data protection

On 8 September 2020, following his annual assessment of the Swiss-U.S. Privacy Shield regime and the European Court of Justice’s (ECJ) Schrems II decision of 16 July 2020, the Federal Data Protection and Information Commissioner (FDPIC) reassessed the Privacy Shield. The FDPIC decided to remove the United States from its list of countries deemed to provide an “adequate level of data protection”. It concluded that, although the agreement guarantees special protection rights for persons in Switzerland, it does not provide an adequate level of protection for data transfer from Switzerland to the U.S. under the Federal Act on Data Protection (FADP). 

From now on, businesses must reassess their cross-border data transfers in light of the FDPIC’s statement. However, contrary to the situation in the EU where the ECJ invalidated the EU-U.S. Privacy Shield, the FDPIC’s reconsideration of the United States’ adequacy does not formally invalidate the Swiss-U.S. Privacy Shield. It therefore remains legally valid, and the situation should remain unchanged until the United States decides to withdraw from the Privacy Shield framework. For more information on the Schrems II case, see CDT’s related press release.

European Commission’s President presents her first State of the European Union address

European Commission President Ursula von der Leyen presented to the European Parliament on her vision in her first State of the European Union address. With regard to technology policy, von der Leyen focused her speech on data, emerging technologies and AI, and digital infrastructure. In the next five years, the amount of industrial data worldwide will supposedly quadruple, and the Commission aims to draw upon this potential and provide support to EU companies, SMEs, start-ups, and researchers in this area. For instance, the common European data spaces will support innovation ecosystems in which universities, companies and researchers may access and collaborate on data. The speech also highlighted the European cloud initiative.

With regard to AI, the President reiterated the Commission’s human-centric approach: “Algorithms must not create black boxes, there must be procedures when things go wrong,” she said. The Commission also plans to propose a secure European e-identity, that will allow EU citizens to use it for various services such as paying taxes or renting a bicycle. The use and control of personal data will be a crucial part of this proposal. In the area of digital infrastructure, von der Leyen called for a “common approach on connectivity”, looking to drive expansion of 5G, 6G, and fiber, and announced a €8 billion investment in super computer technology.