"There will be no further ex-Spain-ation. There will just be reputation." Not my greatest attempt at paraphrasing a Taylor Swift song, I will give you that, but hopefully it gets the message gets across: when it comes to digital ambitions, Spain is getting stuff done, at the helm of the Council of the EU and at home. Over past months, the number of Spanish-led initiatives across digital policy, broadly speaking, has been staggering. The political impetus it is placing behind its EU presidency shows the country's assertiveness in positioning at a European level on issues it deems strategically important.
Most recently, Spain's data protection authority, the Agencia Española de Protección de Datos, and the EU Agency for Cybersecurity hosted a conference titled "Data spaces in the EU: Synergies between data protection and data spaces, EU challenges and experiences of Spain." Data spaces were one element of the European strategy for data launched in February 2020 with the promise that "Common European data spaces will ensure that more data becomes available for use in the economy and society, while keeping the companies and individuals who generate the data in control."
Among others, the European Commission had planned to "promote the development of common European data spaces in strategic economic sectors and domains of public interest," including manufacturing, "green deal," mobility, energy, skills, finance and health. To this day, only the latter two have effectively led to a legislative proposal, still being debated.
Though there is slower movement than anticipated at EU level, AEPD Director Mar España Martí nonetheless set the tone and her expectations saying, when it comes to data spaces, the EU General Data Protection Regulation "cannot be understood as just paperwork. Limiting ourselves to a strict compliance is not enough."
Head of the AEPD's Technological Innovation Division Luis de Salvador Carrasco added on the importance of ensuring data sovereignty in the context of data spaces, using management tools, legal tools and technical tools. Relatedly, he stressed the importance of (privacy) governance and the role DPOs and other data protection specialists play in this respect. Given the issues raised by the concept of data spaces, he expects "DPOs [to] have deep knowledge about data management, data science technology and of course public and administrative law."
Elsewhere:
- The U.K. Information Commissioner's Office held its annual Data Protection Practitioners' Conference this week. When asked about what is to come, ICO officials mentioned enforcement on cookies and data breach reporting. The ICO is also focused on concerns about the Data Protection and Digital Information Bill and changes it might bring to the role of data protection officers.
- The European Parliament is in session this week. Notably, it adopted its negotiating position on the European Media Freedom Act, proposed by Vice President for Values and Transparency Věra Jourová in September 2022. The proposal aims to set clear principles to protect editorial independence, establishing strong safeguards including to counter the use of spyware against media.
- Upcoming trilogue debates will further bring to light the inherent intricacies of member states positioning in this debate. The EU position will have to reconcile a wide spectrum of positions, including more repressive ones such as Hungary, which has been criticized by Brussels in the past for its national reforms impacting the free press. But it will also have to navigate troubled waters with countries like France, which recently came into the limelight for law enforcement practices against journalists.