Today, Brussels travels to Washington. More precisely, European Commission President Ursula von der Leyen is meeting with U.S. President Joe Biden. As far as we know, privacy is not on the agenda and that might be a good sign.

Even if you’ve been following from a distance, you know there are a lot of streams to trans-Atlantic data flows and its developments. My colleague Joe Jones shared his insights in this very column last week. The approval process of the EU draft adequacy decision is well underway. In the past weeks, the European Data Protection Board released its nonbinding opinion. European Parliament drafted a nonbinding resolution and hosted EDPB Chair Andrea Jelinek for an exchange of views. For whoever was around at the time of Safe Harbor and Privacy Shield invalidations, there will be a very acute sense of deja vu when watching the debate’s replay.

Ahead of the debate, Committee on Civil Liberties, Justice and Home Affairs Chair MEP Lopez Aguilar declared the Trans-Atlantic Data Privacy Framework "falls short of meeting the minimum standards of the (EU General Data Protection Regulation) and Court of Justice of the European Union" but stressed the need to "get it right this time." He and other MEPs, dubious of the robustness of the trans-Atlantic agreement, cited among other things the reversible nature of executive order 14086 or the lack of transparent redress mechanisms for EU citizens.

Jelinek walked MEPs through the EDPB nonbinding opinion, concluding that though "the new framework is certainly a significant improvement over previous arrangement, some concerns still remain and should be adequately addressed" by the commission.

Rest assured that as tortuous as it might be at times, the trans-Atlantic relationship on broader privacy and digital issues arguably harbors fewer friction areas than before. Indeed the recent 2023 Trade Policy Agenda and 2022 Annual Report of the Office of the U.S. Trade Representative only clearly references digital tax initiatives across the EU as a topic it is monitoring closely. It also flags concerns about "EU legislation impacting U.S. digital services suppliers and companies in a variety of manufacturing sectors," read in particular the Digital Services Act, Digital Marketing Act and certain cybersecurity draft measures that could morph into market access issues and trigger localization measures in particular.

The USTR and its European counterparts continue to leverage the EU-U.S. Trade and Technology Council to advance common goals, including those on artificial intelligence. Common goals in this context mean ensuring technological developments can still happen on this side of the pond, but it does not go as far as regulating in lock step.

Elsewhere:

  • The IAPP is packing its suitcases and heading to Paris next week for its upcoming Data Protection Intensive: France 2023 conference, its largest ever to date. The agenda promises a lot of interesting discussions. France hosts arguably one of the most active data protection regulators in Europe with its data protection authority, the Commission nationale de l'informatique et des libertés. It is also one of the most influential countries on the EU political scene. As Brussels continues to debate the AI Act, the CNIL is already positioning and in fact has been dubbed the future AI regulator. The CNIL is also assertively enforcing privacy rules, looking at cookies, cybersecurity, data sharing and privacy compliance issues at work. It is definitely a space and a country to watch.
  • The European Commission started putting pen to paper on its upcoming proposal to harmonize procedural rules relating to GDPR enforcement. It is encouraging stakeholders to participate in the public consultation, open until March 24, to inform drafters views on pain points. The proposal is expected late spring and, given its nature, should be wrapped up before the EU goes into election mode ahead of the 2024 parliamentary elections.
  • The European Parliament hosted a day-long workshop on the draft AI Act (yes, AI, still and again). I'll sum up the dominant tone of the discussions by paraphrasing the words of AI Act Co-rapporteur and Romanian MEP Dragos Tudorache: "In the world of AI, the U.S. is the innovating actor, China is the emulating actor, the EU is regulating actor."