The U.S. isn't the only western jurisdiction experiencing a change in political leadership. The new European Commission is slated to be seated 1 Dec. for a five-year term, assuming the 26 nominated commissioners are all approved by the European Parliament in time.
Questions around what the new Commission's digital regulatory priorities could look like were among the conversations at the IAPP Europe Data Protection Congress 2024 in Brussels. A new round of potential tech regulations could place additional attention on member states' collective efforts to streamline collaboration on cross-border data protection enforcement, which by itself was another major topic of interest among attendees.
In a breakout session dedicated to the potential digital regulatory agenda, panelists primarily believed the Commission's new composition would likely slow the pace of drafting more technology regulation compared to the previous Commission, which saw outgoing European Commissioner for the Internal Market and Services Thierry Breton push to pass both the Digital Markets Act and Digital Services Act, as well as the Commission's work to get the EU Artificial Intelligence Act over the finish line.
However, unlike the Commission's prior makeup — where a smaller number of commissioners handled items in the digital regulatory portfolio — it is anticipated that upward of 11 commissioners in the upcoming cycle may have several overlapping responsibilities in areas such as AI, cybersecurity, cloud computing and other general digital policy items, according to Bird & Bird Regulatory and Public Affairs Director Francine Cunningham.
"In this new structure, there are numerous commissioners who will have a say in some aspect of tech policy,” Cunningham said. "There's multiple complex, overlapping layers of responsibility. There are lots of rumors going around about why the Commission president chose this complex structure, and one of the leading theories is that it means if the commissioners cannot agree on a particular subject, then (European Commission) President (Ursala) von der Leyen will have the casting vote and will be able to reshape the more controversial and delicate policies in this space."
One of the major regulations expected to be addressed by the new Commission in the upcoming term is the Digital Fairness Act, which would be a product of the recently completed Digital Fairness Fitness Check. The Commission published its findings in October and called for von der Leyen to introduce a draft DFA as part of the next Commission's work to address consumer fairness problems, such as dark and addictive design patterns, and personalized targeted advertising.
European Tech Alliance Secretary General Victoria de Posson said incoming European Commissioner for Democracy, Justice and the Rule of Law Michael McGrath testified in his confirmation hearing that if the DFA was to ultimately pass, it would only "fill in gaps" in the DMA and DSA. However, she added that once her organization pressed McGrath on the potential intent of a DFA, he reportedly said it could touch on EU patent law impacting European tech firms.
De Posson added many of the discussions about what a potential DFA would look to accomplish is already contained in regulations, such as the DMA and DSA.
"Since 2022, there's been five pieces of legislation that cover our patents," de Posson said. "There is a gap between the intent and the theory, and the practice here."
"Then, when we ask concretely, 'What does that mean for European competitiveness and credibility of European companies to compete on the global scale?'" she continued. "(McGrath will say), 'That's not my concern here, I want to protect consumers.'"
A push for cross-border enforcement collaboration
While many digital regulations are already in effect in the EU, policymakers at both the EU level and within national governments are focusing their attention on ensuring existing legislation is applied consistently throughout the bloc.
In the opening keynote at DPC, outgoing European Commissioner for Justice Didier Reynders called for passage of the regulation to harmonize EU General Data Protection Regulation cross-border enforcement, for which EU institutions are about to open the first round of trilogue negotiations.
Reynders advocated for regulators at both the EU-level and within member states to enforce and interpret data protection rules in a "consistent manner under fundamental regimes," while calling on data processors to account for privacy compliance at earlier stages in their product development.
"All this inevitably requires innovative thinking, multidisciplinary solutions and modern forms of cross regulatory cooperation," Reynders said. "I'm convinced that this will be a central focus of our work in the next years — the implementation of the different digital (regulations)."
Potential hurdles to enforcement harmonization
During another breakout session focusing on improving cross-border GDPR enforcement cooperation, European Commission Deputy Head of the Data Protection Unit Karolina Mojzesowicz said passing the cross-border GDPR harmonization regulation still does not guarantee member state data protection authorities will apply GDPR requirements consistently, which could still create legal uncertainty for businesses from one country to another.
"The procedural regulation provides for the procedure in order to enforce the GDPR in cross-border cases," Mojzesowicz said. "It does not say or regulate the cooperation between different (DPAs). It doesn’t address it at all."
In the absence of a specific requirement mandating member state DPA cooperation in the proposed cross-border enforcement regulation, European Data Protection Board Legal Officer Alexandre Lépine recommended the DPAs take action to create a process for complainants that seeks the same information when lodging a GDPR complaint. He also recommended DPAs work together as soon as possible while conducting an investigation going forward.
"We understand there is a problem, but when the problem starts can we start the cooperation (among) DPAs earlier in the process?" Lépine said. "That will help ensure that all the authorities have the same understanding of the case early on."
Alex LaCasse is a staff writer for the IAPP.
