A few days before its scheduled 12 Dec. meeting, the European Board for Digital Services met on an ad hoc basis to discuss TikTok's obligations under the Digital Services Act in light of the recently declassified information on Romanian elections and the issue of suspected interference.
The European Commission issued TikTok a data retention order under the DSA, covering EU national elections from 24 Nov. until 31 March 2025, under which it is required to preserve certain internal documents and information, including on its referral systems. TikTok must also respond by 13 Dec. to an information request under the DSA concerning its management of the risks of information manipulation.
According to Euronews, this was followed by an urgent information request from the Commission, with a 24-hour deadline, asking TikTok to clarify information stemming from declassified documents that suggest manipulation and exploitation of TikTok's algorithm during the Romanian elections campaign.
Last week, TikTok also engaged on the application of the DSA in the context of the Romanian elections with the members of the European Parliament's Committee on the Internal Market and Consumer Protection. Parliament's next debate on mis- and disinformation on social media platforms, and related risks to the integrity of elections in Europe, is planned during next week's final plenary session of the year, signaling a high level of scrutiny.
The DSA also popped up during a technical roundtable discussion of the Commission on rules for researchers' access to online platform data. A draft delegated act on data access under the DSA is expected to be adopted in early 2025.
The AI Factories initiative, aiming to turn Europe into the "AI continent," is kicking off. The European High Performance Computing Joint Undertaking announced the selection of seven proposals to establish the first AI Factories in Finland, Germany, Italy, Luxembourg and Sweden that will provide researchers and industry, especially AI startups and SMEs, access to resources needed to develop trustworthy AI systems and models. The deployment of these factories is planned for 2025-26.
The newly appointed European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy Henna Virkkunen said the AI Factories initiative is on track to be a reality "in the first 100 days of the new European Commission," expecting the first results as early as mid-March 2025.
On 10 Dec., the European Data Protection Supervisor provided an update on the European Commission's compliance with its 8 March decision on the Commission's use of Microsoft 365. In its decision, the EDPS concluded the Commission infringed several provisions of Regulation (EU) 2018/1725 — which mirrors the General Data Protection Regulation for EU bodies — including those relating to the transfer of personal data outside of the EU/European Economic Area.
At the time, the EDPS ordered the Commission to halt data flows from the use of the cloud-based services to Microsoft and to its affiliates and sub-processors located in countries outside the EU/EEA not covered by an adequacy decision, as well as to bring its processing operations resulting from its use of Microsoft 365 into compliance.
In this December update, the EDPS confirmed the Commission submitted a report on its compliance with the decision before the 9 Dec. deadline. Without providing any comments on the content of the report, the EDPS only reaffirmed the full applicability of the decision, even though it has been challenged by both the Commission and Microsoft.
Laura Pliauskaite is European operations coordinator for the IAPP.
