“Europe as a task.” In 1996, then-Czech Republic President Václav Havel fathered this expression to call on Europeans to take responsibility for global environmental and social and economic challenges and to lead by example. Setting this motto in EU-policy-speak relevant to privacy pros, it means that the Czech Republic — already a third into its Presidency of the EU Council — will seek to accomplish the following by end of December:
- Continue discussions on the Artificial Intelligence Act and the eIDAS Regulation proposals to secure a common EU Council position on each file by the end of 2022.
- Advance discussions on the Data Act as much as possible.
- Engage on the forthcoming Cyber Resilience Act proposals on the security of information and communications technology products in the fall.
It also ambitions to reach an agreement with the European Commission and Parliament on the Declaration on European Digital Rights and Principles. The commission proposed this declaration in January to define a set of principles for a human-centered digital transformation and set out shared political intentions to citizens, businesses, public administrations and policymakers. Don’t hold your breath: This declaration would not be groundbreaking, but rather state in a somewhat solemn way many commitments that have been enacted through prior statement and legislation already.
The declaration’s proposed principles range from putting people at the center of digital transformation to boosting sustainable digital solutions. Its “Safety, Security and Empowerment” chapter references the rights to personal data protection and confidentiality. Fascinatingly, it also states “everyone should be able to determine their digital legacy, and decide what happens with the publicly available information that concerns them, after their death,” and proposing the EU commit to “ensuring the possibility to easily move personal data between different digital services.” It’s noon as I write these lines and I am only on my second coffee so I am not sure how these two concepts work together. This chapter also looks at living people, children and young adults in particular with a proposed commitment to promote a safe digital environment, ensure they can acquire skills to be safe online, and be protected from harmful and illegal content.
Elsewhere:
- The European Data Protection Board is running a consultation on its certification transfer tool until Sept. 30. The guidelines adopted in June provide guidance on the application of Article 46 (2)(f) of the EU General Data Protection Regulation on transfers of personal data to third countries or to international organizations on the basis of certification.
- The Digital Services Act and the Digital Markets Act are both expected to be formally approved by the EU Council mid-September, at which point they will enter into force 20 days after the publication. The DSA provisions will start to apply 15 months thereafter; the DMA will start to apply, at the earliest, six months thereafter and with sequential application of some set of provisions.
- Debates on the Artificial Intelligence Act and the Data Act will continue and carry over into 2023.