👓October 2024's European Digital Policy Roundup

Hi there ☕

Welcome to your complimentary edition of La tech est politique, highlighting October 2024's notable developments in European tech policy.

On today's menu:

• the new Commission's first 100 days tech priorities;

• personal data developments that matter for businesses;

• Cyber Resilience Act adoption;

• web browsers compete;

• general purpose AI model regulations.

Reading time: 8 minutes (1,244 words)

What Happened in October?

It's been a busy autumn for Digital Europe. After the announcement of the College of Commissioners-designate, the European Parliament examined their declarations of conflict of interest. The Parliament's thematic committees then agreed on written questions and a schedule for the Commissioners' hearings.

💎 La tech est politique tracks the Commissioners-designate commitments and will attend the hearings. Premium subscribers thus receive actionable intelligence at any point in the political process.

Commission's First 100 Days: Top Tech Priorities

We already knew about the strategic guidelines for the second term of office. They now set out the President and her Commission's commitments for the first 100 days. Three of these commitments are tech-related.

The first is the cybersecurity of healthcare systems. The commitment concerns an action plan to improve the healthcare sector's threat detection, preparedness, and crisis response.

Second, an initiative on 'AI factories'. The AI factories initiative aims to connect European start-ups to supercomputers. Doing so will help them catch up with their American and Chinese competitors in the booming generative AI sector. This new ecosystem will also help reduce dependence on American computing power long-term.

And three, a Data Union strategy. The commitment is to present a plan to reform the legal landscape and streamline existing data rules. The overarching goal is to boost European competitiveness.

Personal data in the spotlight: Guidelines and developments that matter

October has been a hectic month for personal data.

The European Data Protection Board (EDPB) is hosting a consultation on 5 November to discuss how companies use personal data to train AI systems. Why does this matter to your business? The widespread use of personal data in AI training has raised significant concerns, prompting the EDPB to make this a cornerstone of its 2027 strategy.

💎 La tech est politique follows this topic and will analyse the EDPB guidelines on the interactions between AI training data and GDPR.

Law enforcement can search a smartphone, but only with the approval of a court or an independent authority. The owner must be informed unless this compromises the investigation. Each EU country must set specific rules for these searches in their national laws.

Meta cannot analyse personal data received from a user to target advertising. In a landmark ruling, the Court of Justice of the EU (CJEU) has ruled that it breached data protection rules by using ALL available user data for advertising purposes.

Commercial interest can be legitimate interest under GDPR only if such processing is strictly necessary and the fundamental rights of data subjects are protected.

At the same time, the EDPB has new guidelines to explain when businesses can use 'legitimate interest' as a basis for processing personal data. To use this basis, your business must meet three conditions:

1. Show a genuine legitimate interest;

2. Prove the data processing is necessary;

3. Show that your interests don’t override the fundamental rights of individuals.

Liability (including legal liability) of software publishers and IoT manufacturers on the agenda

On 10 October, the Council of the EU adopted two momentous texts.

💎 La tech est politique monitors these two texts because they significantly impact publishers/manufacturers and customers.

The Cyber Resilience Act (CRA) aims to improve the cybersecurity of all connected products and services. The regulation introduces broad security requirements, from security-by-design to vulnerability reporting. The CRA will apply to all products with digital elements in the European single market. The implementation follows a phased approach, with complete enforcement due in 36 months.

A significant modernisation of the product liability directive to align it with the digital age and the circular economy. It will be easier for consumers to get compensation for damage caused by faulty products, including software, AI systems and refurbished products. The new rules lighten the burden of proof for victims in complex cases while maintaining a balance with the interests of businesses. The transposition period is 24 months ahead.

Opera and co. unhappy with Microsoft Edge's special treatment

Independent web browsers are fighting back against a European Commission decision. The Commission decided that Microsoft Edge must not follow the same rules as other big tech companies under the Digital Markets Act (DMA).

Opera, one of these independent browsers, has filed an official complaint. Other browser companies are backing Opera's challenge. Even though fewer people use Edge than Chrome or Safari, it has a powerful head start over smaller browsers. Indeed, Edge is already installed on every Windows computer; this gives Edge a considerable advantage, as billions of people use Windows.

AI still in the spotlight

Work is proceeding apace. Three noteworthy initiatives have kicked off.

Work has started on the Code of practice for general-purpose AI (GPAI). The Commission presented the preliminary results of the public consultation over the summer. These will serve as a basis for drafting the code of practice, which should be out in April 2025. The group of experts (see composition below) is into four working groups to deal with transparency rules for training content, systemic risks and their mitigation, and internal governance.

Parliament is structuring its group to track the application of the AI Act. The group has begun with a progress report on implementing the regulation and work anticipating the rules' entry into force. These include the Code above, guidance on prohibited practices, and the AI Pact, a voluntary instrument launched by Thierry Breton. Brando Benifei (S&D, Italy) leads the working group. Read my profile of Benifei.

The IA Office is starting to equip itself. On 18 October, the Commission opened a public consultation to establish a panel of independent experts. This panel should assist the AI Office in regulating GPAIs. In particular, the panel will have to plan principles on requests for assistance and ‘qualified alerts’. The public consultation is open until 15/11, and the Commission intends to adopt the resulting regulation before the end of 2024.

💎Unlock Premium Insights: Stay Ahead in EU Tech Policy

Our premium subscribers have already gained exclusive access to:

• An in-depth analysis of the first 100-day priorities;

• A comprehensive breakdown of the Cyber Resilience Act's impact;

• A special report on five game-changing cybersecurity and AI regulations (2019-2024);

• A practical guide with ten actionable steps to protect your SME today.

🎁 Limited Time Offer: 30% off Annual Subscription

Celebrate our English edition launch! Secure your strategic advantage before 15 November: don't miss out on the insights shaping the future of tech in Europe! 👇

👉 Free subscribers receive a concise monthly summary (like this one) and cannot access the premium 💎 resources (analyses, themed features, legislators' agenda, etc.).

🙏 Thank you for reading this edition of La tech est politique!

If you have any comments or questions about this edition, please feel free to get in touch.

🌞 If you enjoyed this edition, please share it with your colleagues. Let's help spread a solid understanding of Digital Europe and what it means for innovation.

See you in a month!

💌 Questions, comments or secrets to share? Contact me: [email protected]