Blog

[Note: I changed my newsletter’s address to EUTechReg.com, hoping it will be easier to remember than my difficult surname.] Just as we learn that the European Commission’s “GDPR reform” plan is likely to be a performative window-dressing exercise, the EU General Court again denied direct judicial review of a privacy-fundamentalist guidance document from the European Data Protection Board (EDPB) on “pay or OK.

It looks like GDPR reform, touching both its enforcement and its substantive rules, may be happening. I only hope that it will not be a wasted effort. In March, the EU Justice Commissioner announced that the EU Commission’s “simplification” agenda will involve reducing GDPR compliance burdens for smaller organisations.

In recent months, we’ve been hearing about the European Commission’s call for simplification of regulations—an agenda championed by President Ursula von der Leyen. She rightly noted that businesses are overwhelmed by regulations that are “too complex and costly to comply with.

The vibe in Paris around the AI Action Summit feels strikingly different from Brussels. It’s not even the call to pivot away from over-regulation (you can hear that in Brussels). The difference is that, refreshingly, the call seems earnest (in Brussels it very much isn’t).

Just before Christmas, the EU’s data protection authorities (DPAs)—working together as the EU Data Protection Board (EDPB)—issued the hotly anticipated Opinion on AI models and EU privacy law. As it turned out, the excitement about the Opinion was unjustified.

Several recent news items on Apple’s and the EU Digital Markets Act prompted me to update my thoughts on Apple’s struggles with the European Commission and with other software developers. For my previous update, with links to earlier texts, see DMA workshops and privacy.

The EU’s data protection law, the GDPR, requires accuracy in processing personal data. However, generative AI—like large language models (LLM)—may “hallucinate” or reflect information that is false but widely spread. On one hand, inaccuracy may seem like an inherent feature of the technology.

The recent official publication of the EU Artificial Intelligence Act has left several fundamental debates on the legal status of AI in Europe unresolved. Two significant potential legal obstacles to AI development and use remain inadequately addressed: intellectual property and personal data protection laws.

The European Data Protection Board’s (EDPB) Nov. 5 stakeholder consultation on AI models and data protection—organized to gather input for an upcoming Irish Data Protection Commission opinion under Article 64(2) of the General Data Protection Regulation (GDPR)—showcased significant lingering disagreement on how the GDPR should apply to AI.

[First published on Truth on the Market on 12 August 2024] Google recently announced that it has changed its plans to phase out third-party cookies in the Chrome web browser. The company had previously planned to disable third-party cookies in Chrome, a change supported by many in the privacy-stakeholder community, but which was met with criticism from the adtech industry and competition lawyers.