Print

Newsletter (110)

3
Jul
2024

Newsletter (110)

This newsletter presents the EDPS’ main activities of the last 30 days: look back on the topical debates of our Summit, join us for a Techdispatch on neurodata, read up on our Opinion on sustainable fisheries and aquaculture, and more. 

Have a listen.

EDPS Summit 2024: it’s a wrap

EDPS 20th anniversary celebration cake

We are so pleased and thankful to have been able to welcome 800 of you both in person and online at our EDPS Summit: Rethinking data in a democratic society on 20 June 2024! 

For our 20th anniversary, we brought together a variety of experts: from privacy, tech, policy-makers and other influential voices from the public and private sector to discuss the role of a state in times of ever-growing collection of personal data, and what part data protection should play in modern democracies. 
Missed it? Don’t worry; you can catch up on all the Summit’s main and side sessions by watching their video recordings, now all available on the EDPS’ 20th anniversary website. 

The Summit was architected around 5 main sessions, as well as 5 side events to delve deeper on adjacent data protection topics, facilitate exchanges of views, share best practices to shape a safer digital future. 

During the main session on “what is 'data protection' protecting?" our panellists debated on the role of data protection in responding to societal challenges in the digital world, its limits, misconceptions, and untapped potential. 

Then it was time for our second round of experts to discuss the suitability of data protection law for public authorities. During this session, guest speakers questioned whether data protection can effectively curb EU public administration’s data collection practices. As a follow-up, they were invited to share their views on whether data protection law was adequately capturing recent technologies advancements and practices, particularly in light of the EU’s interoperability framework that is underway. 

Soon after, our third main session on possible pathways towards building a functioning democratic oversight took place. Conversations geared towards evaluating whether data protection alone is a sufficient safeguard when data is processed for national security purposes.  

As the Summit progressed, it was time to focus on putting data protection in practice. In the fourth main session, panellists concentrated on the functioning, effectiveness and proactiveness of the GDPR, how the latter can serve as a tool to determine the future, as well as the role of privacy and data protection authorities in these contexts. 

Once the state of play of data protection was dissected, the fifth and final main session of the Summit focused on the future of privacy, for stronger data protection in modern democracies. 

On the margins of these main sessions, we also hosted a book club, unveiling our latest publication “Two decades of personal data protection: What next?”, as homage to our 20th anniversary as the independent data protection authority of EU institutions, bodies, offices and agencies. Additionally, a side session on the challenges that data protection officers encounter in their role, and another on disinformation took place. Our last side session covered the collective and individual aspects of privacy and data protection. 

Check out the EDPS’ 20th anniversary website to catch up on all the video recordings of the main sessions and side sessions of the Summit, photos and 20th anniversary book.

Book launch: Two decades of data protection. What next?

blue background with the book cover and colourful circles in the left upper corner

We’ve published a book: “Two decades of personal data protection. What next?” that retraces the foundations, key milestones and multidimensional aspect of data protection which intertwines with the EDPS’ history, as an institution that has shaped the digital landscape. Based on the lessons learned and challenges overcome, the book also offers an analysis of what the future of data protection could hold.

The Book includes 20 chapters, each written by guest contributors, who share their insights and experiences on one side of data protection, followed by a timeline covering the EDPS’ history, and a collection of testimonials and anecdotes from those who have witnessed and played a part in data protection history.

Want to know more? The book is available to download here.

Happy Reading!

Stronger together to face data protection challenges

dpo meeting

On Wednesday 19 June, the EDPS and the Data Protection Officers' (DPO) network of the EU institutions, bodies, offices and agencies (EU institutions) met for the first traditional bi-annual meeting of the year.

All EU institutions have a data protection officer to ensure their compliance with EU data protection law. The role of a DPO requires independence from the EU institution they work for and expertise in data protection law. The EDPS - DPO network has fostered its collaboration over the last 20 years to embrace technological change whilst making sure that the personal data that EU institutions process is adequately protected.

Each EDPS- DPO meeting is prepared with a DPO support group - a rotating group of DPO volunteers - to guarantee that the topics and pressing issues brought to the meeting are relevant to DPOs. Therefore, it is no surprise that a large part of this edition of the EDPS-DPO meeting focused on Artificial Intelligence. The various sessions on AI covered AI correspondents, the development and use of AI in the EU institutions, followed by a presentation delivered by the data protection authority of France, which included practical recommendations concerning AI.

One of the priorities of the EDPS - DPO meeting is the practical application of data protection law to concrete situations that DPOs and their EU institutions may be confronted with. As such, a number of workshops were organised during the day, including on AI and data protection assessments, data subject access requests. 

The meeting was also an opportunity for the EDPS to provide an update on their work, and how this may impact DPOs’ work. Reciprocally, feedback and views provided by DPOs help inform the EDPS’ work on how to continue their tailored support to them.

Read blogpost on the EDPS-DPO network meeting by EDPS Secretary-General. 

Coming soon: “Human oversight of automated decision-making”

IPEN News

Our next event is coming up soon! The EDPS’ Internet Privacy Engineering Network, in partnership with the University of Karlstad, in Sweden, is hosting a hybrid event on “Human oversight of automated decision-making” on 3 September 2024.

IPEN is a network that brings together privacy experts and engineers from public authorities, industry, academia, as well as civil society to discuss the engineering and technological application of data protection and privacy, and the challenges this may present.

In this new edition of IPEN workshop, experts will tackle some of the following questions, centred on the topic of human oversight and automated-decision making:

  • What does human oversight, laid out for example in the GDPR and the AI Act, mean?
  • Why does human supervision fail?
  • What can be done to make human oversight easier and more effective?

Join us to find possible answers to these questions, and many others, either in-person or online by registering here.

To keep up to date with IPEN news, you can subscribe to the IPEN newsletter. Simply send an e-mail to ipen@edps.europa.eu with the word "subscribe" in the body of the message to get exclusive access to upcoming events and information on IPEN work. 

EDPS - AEPD publish Techdispatch on Neurodata

TechDispatchNeurodata

The EDPS and the AEPD, the Data Protection Authority of Spain, have issued together a TechDispatch on Neurodata.

The brain, together with the spinal cord, makes up the central nervous system, which plays the crucial role of regulating and coordinating various bodily functions, including cognitive capabilities. In this TechDispatch, Neurodata are defined as the information directly gathered from the brain and/or from the nervous system and the conclusions drawn from on this data, such as emotional cues or preferences.

Over the years, several techniques have been developed to interpret the functions of the human brain, especially in the context of clinical medicine and neuroscientific research, allowing for progress in treatments for migraine and other disorders.

However, there is a worrying trend of ethically and legally questionable uses of neurotechnologies, for example the use of neurodata for marketing purposes. Some of these practices may be incredibly invasive, pose unacceptable risks to fundamental rights, and unlawful under EU data protection law.

In this Techdispatch, the EDPS and AEPD break down some of the methods used to process neurodata and their impact on the protection of your personal data and on privacy. This issue delves into some concrete scenarios to help you better understand neurodata processing. For those interested in learning more, this TechDispatch includes a list of further reading. 

Read TechDispatch on Neurodata available in English and Spanish.

EDPS Guidelines on generative AI: embracing opportunities, protecting people

AI

On 3 June 2024, the EDPS published its guidelines on generative Artificial Intelligence and personal data for EU institutions, bodies, offices and agencies (EUIs). The guidelines aim to help EUIs comply with the data protection obligations set out in Regulation (EU) 2018/1725, when using or developing generative AI tools.

Wojciech Wiewiórowski, EDPS, said: “The guidelines that I have issued today on generative AI are a first step towards more extensive recommendations in response to the evolving landscape of generative AI tools, which my team and I continue to monitor and analyse closely. Our advice published today is drafted with the aim of covering as many possible scenarios involving the use of generative AI, to provide enduring advice to EUIs so that they can protect individuals’ personal information and privacy.”

The guidelines focus on a series of important topics, including advice on how EUIs can distinguish whether the use of such tools involves the processing of individuals’ data; when to conduct a data protection impact assessment; and other essential recommendations.

Read Press Release
Read AI Guidelines

Managing fishery resources and sustainable aquaculture

opinion

On 25th June 2024, the EDPS issued an Opinion on the European Commission’s proposed Regulation on the General Fisheries Commission for the Mediterranean Agreement Area (GFCM).

The objective of the proposal is to integrate into EU law the measures adopted by the GFCM on the conservation and management of fisheries, to promote responsible and sustainable use of living marine resources and development of aquaculture in the Mediterranean and Black Sea.

The proposal may involve personal data processed by competent authorities in the context of activities related to fishing vessels.

To this end, the EDPS welcomes that the proposal includes the following elements:

  • the protection of personal data and maintaining confidentiality;
  • the retention period of personal data;
  • the roles and responsibilities of the competent authorities processing personal data;

The EDPS’ recommendations focus on:

  • the need to identify the fisheries databases and the users of these databases;
  • the need to ensure appropriate safeguards for international transfers outside of the European Economic Area, since the GFCM is a regional fisheries management organisations established under the Food and Agriculture organisation of the United Nations. 

Read all the details in our Opinion, available here.

EDPS 20 Initiatives: new release

blue background with logo

As our 20th anniversary year continues, we pursue the launch of our 20 initiatives, a series of actions and commitments the EDPS is making to improve its work, as it aspires to lead as a modern data protection authority.

In this latest release, our initiatives include:

  • improving the privacy of EU institutions’ websites using the EDPS’ website evidence collector to detect data protection and privacy’s data protection compliance, and identify areas of improvement;
  • the use of AI in the field of criminal justice and law enforcement, exploring the impact of AI systems on data protection, and the dynamic between AI, the rule of law,  human-dignity, non-discrimination and the right to a fair trial, for example;
  • the essence of the fundamental rights to privacy and the protection of personal data, and its guiding principle in the context of rights’ limitations.

To find out more about these initiatives as well as others, read them here.

The faces behind the EDPS

edps building and logo

What goes on behind-the-scenes at the EDPS? Who are the people advising, monitoring and ensuring that EU institutions are protecting your personal data and respecting the EUDPR.

Coming from all corners of the EU, meet #teamEDPS colleagues from the Supervision & Enforcement, Policy & Consultation, Technology & Privacy, Human Resources, Budget & Administration and Governance & Internal Compliance Units.

In this short video, they share a sneak peek of the tasks they accomplish in their day-to-day work to help the EDPS shape a safer digital future.

Watch the video now.
Why not join us! Our latest vacancies can be found here.

Newsletter Digest

microphone, with name of the podcast "newsletter digest". background is pink and blue

A brand new episode of the Newsletter Digest is out now!

What’s the Newsletter Digest? It’s the EDPS’ monthly podcast series provides you bite size portions of the EDPS’ data protection and privacy news in just under 10 minutes.

In this episode, we cover some behind the scenes info on our EDPS Summit, an overview of the recent advice we have given to the EU legislator, where to register for our upcoming events and more.

Stay up to date with the actions we take to protect individuals’ personal data and privacy in the EU institutions, bodies, offices and agencies, by listening to the podcast on our website, on Spotify @EDPS On Air, or wherever you listen to your favourite podcast episodes. 

Speeches

WW speaking

Keynote Speech by Wojciech Wiewiórowski at the European Data Protection Summit: 'Rethinking Data in a Democratic Society', Brussels, Belgium.