Greetings from Brussels!
I write to you just as this year’s IAPP European Data Protection Congress comes to an end. Though I’m still processing the amazing conversations and rich content from the last 72 hours, I thought I’d attempt to provide a few key highlights from this whirlwind week in Belgium.
Brussels is a busy place at the moment, as many of you likely know. The alphabet soup of digital regulation is in full swing, so navigating the Digital Services Act, Digital Markets Act, Digital Governance Act and the Data Act will be no small task. Sure, these aren’t purely data protection laws or proposals, but there is some overlap and complexity will only increase. As Mastercard Senior Vice President, Assistant General Counsel, Europe Data Protection Officer Helena Koning, CIPP/A, CIPM, said during the Privacy and Data Protection Forum on our active learning day, “overall, the data compliance space is growing more complicated.” Not only are practitioners feeling the pressure, but data protection regulators voiced concerns, as well. European Data Protection Supervisor Policy and Consultation Head of Unit Anna Buchta mulled how current and new regulators will effectively manage this space, noting that “the shared complexity and fragmentation of enforcement will be very challenging.”
A big focus for me this week involved the proposed Artificial Intelligence Act. Again, not a purely data protection law, but one that significantly overlaps with our space, the AI Act would be the world’s first horizontal regulation of the artificial intelligence ecosystem. For now, the proposal takes a risk-based approach, whereby “high risk” AI would need to run through a number of obligations prior to deployment. The European Parliament is frantically working on its text, while the European Council recently shared its updated text last Friday.
To dive a bit deeper into the Parliament’s work, I visited the European Parliament to discuss the state of play with AI Act co-rapporteur Dragoş Tudorache. He graciously invited me to his office where we discussed the proposal for an hour. He even let me record our conversation, which I intend to release as a podcast very soon, so stay tuned for that! I can tell you up front, the hope for the AI Act is that it will keep up with innovation — through several channels, including its risk-based approach (Tudorache says 80-90% of AI systems would not be regulated by the act), sandboxes, among other potential solutions.
I’d be remiss if I didn’t mention ahead of next week’s World Cup that Wednesday’s opening general session included a fascinating conversation about data collection and biometrics in sports. Irish Data Protection Commissioner Helen Dixon moderated the panel, which featured the head of data protection for FIFA, Jorge Oliveira e Carmo, CIPM, a former pro football (soccer in the U.S.) player and current Deputy Commissioner at the Irish DPC Graham Doyle, FIFPRO’s Alexander Bielefeld and LawInSport’s Sean Cottrell. As Oliveira e Carmo said at the start, this year’s tournament “will be the most technological World Cup ever” (his comment seemed all the more appropriate as he spoke to us virtually from the location of the final match in Qatar). For those of us who enjoy sports, it’s easy to overlook the many data protection and privacy issues placed on athletes, particularly on young children who are just entering their given sport. Not only is biometric information collected from players — for health, performance and gaming reasons — but at stadiums, teams are leveraging technology to increase fan engagement.
And we can’t have a data protection conference in the EU without diving into trans-Aatlantic data flows. By Thursday afternoon, our own Caitlin Fennessy, CIPP/US, moderated back-to-back panels on the proposed EU-U.S. Data Privacy Framework. Session one featured the inimitable Max Schrems and Eduardo Ustaran, CIPP/E. Though I can’t possibly summarize the discussion here, I will say that Schrems used some props to demonstrate what he thinks of the U.S. proposal for redress mechanism. Oh, and what should be unsurprising to most of you, Schrems will plan to challenge the agreement. For more details on these sessions, be sure to check out reporting from our own Joe Duball.
I have barely scratched the surface of what I took part in and learned this week, but I can assure you our editorial team will be sharing more content in the coming weeks. Suffice to say, we have a lot of work ahead!
For those of you who attended this week, we hope you enjoyed the show and safe travels home!