The IAPP just wrapped its Global Privacy Summit 2022 in Washington. My job was just to show up, but I want to toot the horn for all my colleagues who made it happen. It was a blast.
Here is my short list of European-flavored takeaways from Summit for those of you who didn’t make it:
For EU Commissioner for Justice Didier Reynders, “privacy is a defining issue of our time.” Apple’s CEO Tim Cook and Microsoft’s President and Vice Chair Brad Smith, who each keynoted at the conference, both passionately concurred with that statement; although they had a slightly different take on what that means for technology regulation. Reynders also anticipates that trans-Atlantic cooperation will intensify as the revived Transatlantic Consumer Dialogue looks at the interplay between consumer protection issues and privacy.
You can replay the opening sessions and read some of our coverage of Tim Cook and Brad Smith.
During a panel on EU-U.S. Privacy Shield and trans-Atlantic data flows, the European Commission’s Bruno Gencarelli and U.S. Department of Commerce’s Chris Hoff, lead negotiators for the newly agreed Trans-Atlantic Data Transfers Framework, spoke with one voice to tout the significance of the announcement. They also stressed that there is still work ahead (see here for full read-out). “Right now, the ball is in the U.S. court,” Hoff said, “and it has not lost any steam” in the Biden administration. They stressed that most changes bear on the U.S. government, not on organizations that will self-certify to the Privacy Shield. During a separate panel, EDPB Chair Andrea Jelinek said she hoped that if/when there is a “Schrems III” case, “we will be on the safe side,” adding, “EDPB is committed to playing a constructive role” during the approval process.
Next steps: The U.S. Department of Commerce plans to release guidance on what the changes mean for companies conducting transfer impact assessments, as the safeguards underpinned by the future agreement will apply to all transfer mechanisms such as SCCs and BCRs. Both officials predict that the deal could take full effect towards the end of the year.
We also saved you some IAPP stickers! You can plan to collect them during the next Europe Data Protection Congress in Brussels in November! (See how I did that?).
In short and actually in Brussels:
- We may see a deal reached on the Digital Services Act on April 22 as the proposal is in the final rounds of trilogue negotiations.
- AI Act. The European Parliament co-rapporteurs finalized their draft report on the proposed Artificial Intelligence Act, which will now be heavily debated within the EP. The Council of Member States is more advanced in its discussions and may reach a so-called general approach before the summer. It will then have to wait for the EP to reach its own position (expected 9 Nov.) before trilogue negotiations can start. Still a long road ahead!
Comments, suggestions, complaints? I am just an email away: iroccia@iapp.org
Photo by Yannis Papanastasopoulos on Unsplash