There’s a lot happening in privacy in the EU — from a new trans-Atlantic data flow agreement reached in principle with the U.S. to a suite of proposed data laws as part of the EU digital strategy, enforcement activity and more.
European Data Protection Supervisor Wojciech Wiewiórowski and European Data Protection Board Chair and Head of the Austrian Data Protection Authority Andrea Jelinek shared their insights on the latest in a session moderated by Microsoft Corporate Vice President and CPO Julie Brill at the IAPP Global Privacy Summit 2022.
Noting the “devil is in the details,” Jelinek and Wiewiórowski congratulated both sides on reaching a new Trans-Atlantic Data Privacy Framework, an agreement in principle at this point as details continue to be finalized. Once that happens, the EDPB will be invited to present an opinion, which Jelinek said “we are eager to do.”
The EU-U.S. data flow framework has been successfully challenged in court twice by Max Schrems, honorary chairman of EU-based NGO NOYB. In the likelihood of a “Schrems III,” Jelinek said she hopes that the new agreement “will be on the safe side.”
“I’m very positive on this,” she said. “I think this agreement in principle is the first step in the right direction … It is our commitment to play a constructive role in securing the trans-Atlantic transfers of personal data.”
The trans-Atlantic deal is not the only big item on the DPAs' radar. Legislators are crafting a suite of regulations in the EU. The European Parliament and Council recently reached a provisional agreement on the Digital Markets Act — regulation targeting online advertising, messaging services and other practices of large technology platforms — while the Digital Services Act, AI Act and Data Governance Act are also proposed.
“What’s interesting is that these acts have different roles for the privacy and data protection world and data protection authorities are in different ways interested,” Wiewiórowski said. “The governance of these solutions is an extremely important subject which touches data protection authorities.”
These acts, of course, follow the EU General Data Protection Regulation. In June, Wiewiórowski will host a conference in Brussels, titled “The Future of Data Protection: Effective enforcement in the digital world,” during which GDPR’s efficiency will be discussed and global stakeholders will connect to discuss enforcement strategies.
“We don’t think that in the nearest future we will have some huge change in data protection law in Europe. We are also generally happy for the outcome of GDPR and the enforcement of GDPR. But we try to think ahead,” Wiewiórowski said. “This is the place where we want to talk, maybe more from the perspective of DPAs, but still an open discussion on what are the experiences in enforcement and future models. This is not an examination of cases that happened in the last four years, but a look ahead at what shall be the model for enforcement in digital Europe.”
Wiewiórowski and Jelinek addressed the state of privacy in the United States, where four states have adopted laws and regulations have been proposed by several other states, and a federal privacy law has been hotly debated for years.
Wiewiórowski said the EU is “interested” in what’s happening in the U.S. and the “possibility to have a comprehensive federal law.” He said, “We know this is not an easy process."
Jelinek said companies are not happy with the fragmentation of laws across the U.S. and said there appears to be a window politically for federal legislation.
“We are eager to see how they are doing, what they are doing, and we stand ready to support them with our experience as national supervisory authorities in Europe,” she said.
The EU leaders also shared their thoughts on the future of data protection globally, with Wiewiórowski saying while it’s unlikely there will be “one global solution in the foreseeable future,” it should be discussed.
“Data protection law has shown its possibilities, it has shown its real impact on the quality of data, the quality of cooperation,” he said.
Jelinek sees “progress of awareness” around data protection throughout the world, which she said is “really important.”
“Ten years ago, data protection was not so common and not so popular. Now, everybody is speaking about data protection. In Europe, it’s a fundamental right. I think the U.S. is very close to that,” she said. “I think we are on a good path regarding data protection, not forgetting opportunities but also challenges we are going to face together.”
Photo by Duangphorn Wiriya on Unsplash
If you want to comment on this post, you need to login.