Newsletter (102)

Modern Artificial Intelligence (AI) models often work as opaque decision-making engines (black boxes); reaching conclusions without much transparency or explanations on how a given result is obtained. In an era where AI has become an integral part of our lives, where recruiters, healthcare providers, and other fields, rely on this tool to make decisions impacting individuals, understanding the way AI works is essential.

Could Explainable Artificial Intelligence, or XAI, be a way forward, a potential solution? But, what is XAI, how does it work in practice? What are its benefits, but also its risks, its relationship with data protection? What impact may XAI have in the years to come?

These are some of the questions that our distinguished guest speakers and experts tackled during the EDPS’ Internet Privacy Engineering Network (IPEN) hybrid event, chaired by EDPS Director Leonardo Cervera Navas.

IPEN, established almost 10 years ago by the EDPS, brings together data protection and technology experts, as well as other pertinent actors, to discuss relevant challenges of embedding data protection and privacy requirements into the development of technologies.

To find out more about XAI, its benefits, but also risks, and relationship to data protection, check out the video recordings of the IPEN event. You can also read the EDPS Director’s blogpost summarising his reflections on XAI.

“Ideas that drive our digital world” was the topic of this year’s 16th International Conference on Computers, Privacy and Data Protection (CPDP), which took place in Brussels, on 24-26 May 2023.

CPDP is one of the leading data protection and privacy conferences in Europe and around the world. It is a platform that triggers in depth discussions and innovative ideas to ensure data protection.

The conference, held each year, gathers academics, lawyers, practitioners, policy-makers, industry and civil society from all over the world to discuss and exchange ideas on the latest emerging issues and trends in the data protection and technology fields.

As per tradition, EDPS colleagues were also present; sharing their views and expertise by participating in key panel discussions held. This included a panel on enforcement of data protection by design and default, which explored the consequences for the uptake of privacy-enhancing technologies in the EU, panels on targeted and behavioural advertising, a workshop on the right of access to police databases to name a few examples.

Concluding this CPDP edition, the European Data Protection Supervisor, Wojciech Wiewiórowski, highlighted that when it comes to protecting individuals’ fundamental rights to privacy and data protection, context matters, because what is deemed to respect privacy in one situation can sometimes be deemed as its utter disrespect in another. The emerging ideas that drive our digital world are continuously changing the context, he stated as final remarks.

Read the Supervisor's concluding remarks made at CPDP, available here.

What is a data protection officer (DPO) and how do they help protect your personal data?

Most public and private organisations or entities in the EU have a DPO. According to the data protection rules applicable to EU institutions, bodies, offices and agencies (EUIs), all of them must have a DPO.

For the EDPS, DPOs are the true guardians of data protection in practice. With their work, DPOs build the bridge between organisations and citizens, by providing practical advice on how to ensure compliance with data protection law.

Part of the EDPS’ job, as a supervisory data protection authority of the EUIs, is to support DPOs in their work, which it does, by, for example, providing guidance and training sessions, discussing topics in roundtables and organising bi-annual meetings each year.

This year was no exception. After meeting earlier in December 2022, the EDPS and the network of EUIs’ DPOs met again this 12th May 2023 for its 52nd meeting to take stock of the work done, the progress made, as well as the challenges that lie ahead on diverse matters permeating to data protection. At the EDPS’ request, a small group of DPOs was actively involved in the preparation of the meeting.

Up high on the agenda was the complex issue of transfers of personal data outside the EU/European Economic Area, for which a dedicated session was planned. This was followed by a series of workshops; presentations the EDPS’ pilot projects Nextcloud and the use of Open Source Software; our alternative social media platforms, EU Voice, and EU Video, which were especially important because EUIs have the chance to play a unique role in paving the way to a more sustainable approach to the use of technology.

You can read more about the 52nd EDPS-DPO meeting and cooperation in a blogpost, written by EDPS Director, Leonardo Cervera Navas.

The EDPS has issued five Opinions on the European Commission’s Recommendations to open negotiations for International Agreements on the exchange of personal data between Europol, the EU Agency for Law Enforcement, and the competent authorities of five Latin American countries: Ecuador, Brazil, Peru, Bolivia, and Mexico to fight serious crime and terrorism.

The EDPS Opinions aim to provide advice on further developing data protection safeguards in these future International Agreements so that individuals’ personal data is protected according to EU standards.

The EDPS recommends that the future International Agreements explicitly list the criminal offenses and purposes, for which individuals’ personal data may be exchanged. The International Agreements should also provide for a periodic review of the time during which transferred personal data is stored, and to put in place appropriate measures to ensure that these time periods are respected. The EDPS also notes that additional safeguards are put in place for special categories of data (such as personal data revealing ethnic origin or sexual orientation), as well as in the case of automated processing.

Taking into account the risks associated with transfers of personal data from a country outside the European Union/European Economic Area to Europol, especially in light of Europol’s extension of powers in its updated Regulation, the EDPS recommends that the future International Agreements explicitly exclude transfers of personal data that has been obtained in violation of human rights.

Read Press Release

Read Opinions: Ecuador, Brazil, Peru, Bolivia, and Mexico

Have you listened to our three-part podcast series Fame vs Privacy? It’s a podcast series that delves into what data protection means to Gen Z and Gen Alpha digital users.

In just a few episodes, the podcast series explores a wide range of topics: from the Digital Services Act and how it can influence the future of Big Tech companies, to how targeted advertising can affect Gen Z and Gen Alpha, and the risks that social media can have on young people.

You will also hear more about some of the potential solutions that the EDPS is promoting, such as alternative social media platforms, to help digital users stay safe online.

Have a listen now!

Listen to Episode 1: 15 seconds of fame for loss of personal data. What does data protection mean to GEN Z and GEN Alpha digital users?

Listen to Episode 2: How to combat emerging risks targeting vulnerable users of social media?

Listen to Episode 3: Alternative social media platforms vs future challenges for policymakers