Greetings from The Netherlands! I am writing this week's column on the train passing through the bucolic Dutch landscape. As it stops in the city of Gouda, I am suddenly craving a cheese platter. But that's neither here nor there. The Dutch data protection authority, the Autoriteit Persoonsgegevens, held its "DPO Day" conference in the academic city of Utrecht. While conversations covered many areas, one piece of information stood out for the DPOs (or FG in Dutch). In the context of the European Data Protection Board coordinated enforcement action, the Dutch DPA will send out its questionnaire during the last week of August — several months later than many of its counterparts. Anecdotal evidence indicates that a third to half of participating DPAs have already sent their questionnaires to at least part of their target audience. DPAs have the latitude to choose who to send it to, whether to make it mandatory or voluntary, anonymous or not. In this context, Dutch officials also conveyed a reassuring message the DPA intends to use this questionnaire first and foremost as a fact-gathering tool rather than to feed into an enforcement agenda.
Speaking of enforcement and DPA cooperation, something may be brewing with Article 50 of the EU General Data Protection Regulation. In essence, this provision provides for enforcement cooperation and mutual legal assistance between the EU and other jurisdictions. In its 2021 report on the implementation of the GDPR, the European Commission wrote it intends to use this instrument to improve DPA cooperation.
During a recent conference, European Commission official Bruno Gencarelli mentioned data privacy cooperation on enforcement is lacking compared to other regulated areas such as competition. In this context, he told attendees he wished the EU would explore the article's potential. Earlier in the week, U.K. Information Commission Officer John Edwards spoke before the European Parliament's Civil Liberties committee and interestingly, made a similar reference saying that he "would like to see the Commission and the EDPB use the tolls under Article 50 of the GDPR to facilitate cooperation formally with third country DPAs." The U.K. remains willing and available to work with the EU side on that basis, he added.
Here is what else I am looking at this week:
- On 2 June, European Ministers in charge of transport, telecoms and energy — and often digital — are meeting on a long agenda. Among others, they plan to advance discussion on files, including the Cyber Resilience Act, which looks at security requirements for products with digital elements; the Data Act, which looks at harmonizing rules for access to and use of data, the framework for European eIdentity and, hold on to your hats — ePrivacy. All files are still in progress.
- EU and U.S. officials issued a joint statement on 31 May after holding the fourth Ministerial meeting of the Trade and Technology Council. Launched in 2021 as a way to rekindle transatlantic trade ties, the TTC is seen as a contrastive communication channel for the EU and the U.S. to advance their commitment to deeper cooperation on technology issues, including AI, 6G, online platforms and quantum computing. The joint statement highlights a "special emphasis" on generative AI, complementing the work currently done at the G7 level.