On February 11, 2021, the European Commission launched a public consultation on its initiative to fight child sexual abuse online (the “Initiative”), which aims to impose obligations on online service providers to detect child sexual abuse online and to report it to public authorities. The consultation is part of the data collection activities announced in the Initiative’s inception impact assessment issued in December last year. The consultation runs until April 15, 2021, and the Commission intends to propose the necessary legislation by the end of the second quarter of 2021.

Continue Reading European Commission Launches Consultation on Initiative to Fight Child Sexual Abuse

On December 23, 2020, the European Commission (the “Commission”) published its inception impact assessment (“Inception Impact Assessment”) of policy options for establishing a European Health Data Space (“EHDS”).  The Inception Impact Assessment is open for consultation until February 3, 2021, encouraging “citizens and stakeholders” to “provide views on the Commission’s understanding of the current situation, problem and possible solutions”.

Continue Reading AI Update: European Commission Conducts Open Consultation on the European Health Data Space Initiative

Yesterday, the European Commission published its proposals for the Digital Markets Act (“DMA Proposal”) and Digital Services Act (“DSA Proposal”), proposing new regulation of “intermediary services” and “designated gatekeepers”. The proposals would impose new obligations on providers of digital services and augment enforcement powers.

Continue Reading Digital Markets Act Proposal

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog here for a summary of the Commission’s European Strategy for Data.)  The press release accompanying the proposed Act states that more specific proposals on European data spaces are expected to follow in 2021, and will be complemented by a Data Act to foster business-to-business and business-to-government data sharing.

The proposed Data Governance Act sets out rules relating to the following:

  • Conditions for reuse of public sector data that is subject to existing protections, such as commercial confidentiality, intellectual property, or data protection;
  • Obligations on “providers of data sharing services,” defined as entities that provide various types of data intermediary services;
  • Introduction of the concept of “data altruism” and the possibility for organisations to register as a “Data Altruism Organisation recognised in the Union”; and
  • Establishment of a “European Data Innovation Board,” a new formal expert group chaired by the Commission.


Continue Reading AI Update: The European Commission publishes a proposal for a Regulation on European Data Governance (the Data Governance Act)

On 16 July 2020, the European Commission (“Commission”) announced that it has launched an antitrust sector inquiry into “consumer-related products and services that are connected to a network and can be controlled at a distance, for example via a voice assistant or mobile device.

Commission Executive Vice President and Competition Commissioner Vestager said that “[t]he sector inquiry will cover products such as wearable devices (e.g. smart watches or fitness trackers) and connected consumer devices used in the smart home context, such as fridges, washing machines, smart TVs, smart speakers and lighting systems. The sector inquiry will also collect information about the services available via smart devices, such as music and video streaming services and about the voice assistants used to access them.” Connected cars are outside of the scope of the inquiry.
Continue Reading IoT Update: The European Commission launches an antitrust sector inquiry into the sector of Internet of Things for consumer-related devices and services

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.


Continue Reading AI Update: European Commission Presents Strategies for Data and AI (Part 1 of 4)

On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November 27.

The proposed Regulation is intended as a replacement to the existing e-Privacy Directive, which sets out specific rules for traditional telecoms companies, in particular requiring that they keep communications data confidential and free from interference (e.g., preventing wiretapping).  It also sets out rules that apply regardless of whether a company provides telecoms services, including restrictions on unsolicited direct marketing and on accessing or storing information on users’ devices (e.g., through the use of cookies and other tracking technologies).


Continue Reading New E-Privacy Proposal on the Horizon?

On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department.  The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland to the U.S. under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework, respectively.

Continue Reading Privacy Shield Ombudsperson Confirmed by the Senate

On April 8, 2019, the EU High-Level Expert Group on Artificial Intelligence (the “AI HLEG”) published its “Ethics Guidelines for Trustworthy AI” (the “guidance”).  This follows a stakeholder consultation on its draft guidelines published in December 2018 (the “draft guidance”) (see our previous blog post for more information on the draft guidance).  The guidance retains many of the same core elements of the draft guidance, but provides a more streamlined conceptual framework and elaborates further on some of the more nuanced aspects, such as on interaction with existing legislation and reconciling the tension between competing ethical requirements.

According to the European Commission’s Communication accompanying the guidance, the Commission will launch a piloting phase starting in June 2019 to collect more detailed feedback from stakeholders on how the guidance can be implemented, with a focus in particular on the assessment list set out in Chapter III.  The Commission plans to evaluate the workability and feasibility of the guidance by the end of 2019, and the AI HLEG will review and update the guidance in early 2020 based on the evaluation of feedback received during the piloting phase.
Continue Reading AI Update: EU High-Level Working Group Publishes Ethics Guidelines for Trustworthy AI

It is now four months after the General Data Protection Regulation (EU) 2016/679 (“GDPR”) came into force. One of its objectives is to create uniform standards for data protection in Europe and to adapt data protection to technical progress. In addition, the “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications” (“E-Privacy Regulation“) was originally also to come into force as the successor to the corresponding Directive, though it now appears likely to come into force only in 2019. The E-Privacy Regulation is also an EU legal act which is directly applicable in the Member States without having to be transposed into national law. It is intended to protect both electronic communications content and electronic communications metadata as well as end-users‘ terminal equipment information. It is important to note that protection is not limited to personal data like in the GDPR – and therefore includes even more protected information and data. This post looks at the implications of the E-Privacy Regulation for IoT manufacturers starting with a short summary of the GDPR and some of its effects.

Continue Reading IoT Update: The E-Privacy Regulation – Impact on the IoT market