Posts Under: europe

European Council Approves Negotiating Mandates for Trade Agreements with United States

On Monday April 15th the European Council approved negotiating mandates for two potential trade agreements between the European Union and the United States.  This is a procedural but important step in the process, as it signifies that the leaders of all 28 EU Member States have given their approval for the European Commission to act on their behalf to formally launch negotiations with the U.S. on two potential trade agreements – one on conformity assessment, and the other on eliminating tariffs on industrial goods.  Launching these negotiations is a direct outcome of the meeting between President Trump and European Commission President Jean-Claude Juncker last July, as articulated in the Joint Statement. While this is certainly a significant development in transatlantic relations, it’s important to note that the mandates are narrowly drawn, intended to achieve what EU Trade Commissioner Cecilia Malmström described as “two targeted agreements that wil ...

more

Software & Information Industry Association (SIIA) Hosts January 25, 2019 Artificial Intelligence Event With George Washington University’s Institute For International Economics And The Institute For International Science And Technology

This well attended event entitled: “Artificial Intelligence: What Can be Learned from Other Countries Approaches?” can be viewed on YouTube here.   Professor Susan Aaronson provide a preview of her work on the topic which will be discussed in a paper entitled: “Data is a Development Issue.”  Some takeaways included the reality that there are no broadly generalizable studies on the impact of AI on job creation – in fact, available data can be used to posit both that it contributes to job loss or gain; cybersecurity will include an AI component; bias in AI is possible (just as it is in non-AI contexts), but it can be addressed; and, the AI use skills deficiency in people capable of an inter-disciplinary approach to AI use is both real but also an opportunity.  Given that McKinsey (among other estimates of the economic impact of AI) estimates that AI could deliver up to 16% higher global GDP by 2030, understanding and taking advantage of t ...

more

French Data Protection Authority (DPA - CNIL) Google Fine Shows That Regulatory-Industry Cooperation Crucial To Get Privacy Right

On January 21, 2019, the French National Data Protection Commission (CNIL) fined Google Euros 50 million for not complying with the General Data Protection Regulation (GDPR).   There will be a legal challenge, but this blog focuses on the policy considerations surrounding the decision.  There are at least three initial takeaways from the CNIL decision.  First, this enforcement action demonstrates that the GDPR should not be replicated word for word in a possible U.S. federal privacy law.  Some notion of consumer harm should enter the calculation when a fine is considered.  Second, DPAs should be more forthcoming with guidance on how to comply with the GDPR, especially when companies are making a good faith effort to comply with the law.  Third, there is a risk that the one-stop-shop is going to become effectively meaningless.  As U.S. policymakers consider a federal privacy law, this should be a key co ...

more

The Future of Artificial Intelligence (AI) in Europe

The Software & Information Industry Association (SIIA) and the European Center for International Political Economy (ECIPE) hosted a stimulating June 19, 2018  panel discussion on “The Future of AI” in Brussels at ECIPE’s offices.   European Commission Policy Officer Andrea Glorioso, Delft University Professor Jeroen van den Hoven, Elsevier Senior Vice President  for Analytics for Research Products Elisabeth Ling, and Thomson Reuters Global Head of Risk Technology Management Solutions Alex Cesar provided perspectives on what it will take for the European Union to achieve the ambitious public and private and investment objectives it has set for itself in its April 25, 2018 Communication on Artificial Intelligence.  It was a privilege to moderate this event, and I thank ECIPE and the panelists for their participation.     Synopsis of Panelist Views Andrea Glorioso noted that the Commission has specifically opted not to pr ...

more

“What’s This New European Privacy Law About?”: Demystifying the General Data Protection Regulation (GDPR)

With just over a week until the European Union’s (EU) General Data Protection Regulation (GDPR) goes into effect, companies around the world are coming into compliance with the far-reaching law. Inboxes everywhere have been overflowing with consent notifications over the past few months. If you’re just getting started on GDPR or generally curious, here is a brief overview of the GDPR. Disclaimer – GDPR is broadly written and is context-specific. If your company is in need of compliance help, consider engaging with an outside firm to address your compliance needs.

more

The General Data Protection Regulation (GDPR): Reasonable Implementation Key Now

Today, the Atlantic Council hosted an interesting panel discussion entitled: “Protectionism, Data Privacy, and the Transatlantic Partnership.”  European Commission Digital Affairs Counselor Peter Fatelnig, Atlantic Counsel Distinguished Fellow Fran Burwell, and the U.S. Chamber’s Senior Manager for Digital Affairs Kara Sutton provided a lot of substance and perspective on what is happening in the run-up to the GDPR’s May 25, 2018 entry-into-force.    Appropriately, although the event name started with “protectionism,” nobody discussed the GDPR in those terms.  That is because whatever one’s views are on whether the Regulation really will promote digital innovation in Europe, the GDPR per se is not a protectionist Regulation.  Besides, the train has left the station.  Companies around the world, including SIIA and its member companies, are racing to comply with the GDPR.  Currently, I spend about a quarter o ...

more

Civil Society Groups are Moving the Goalposts on EU-U.S. Privacy Shield

Human Rights Watch (HRW) and Amnesty International (AI) issued a press release today on a letter and brief the two organizations sent to European Justice and Home Affairs Commissioner Vera Jourova arguing for invalidation of the EU-U.S. Privacy Shield.  The letter and brief can be found here.  On substance of the criticism, these groups continue to sell the U.S. surveillance framework short, failing to recognize extensive transparency and safeguards that underlie the U.S. framework.  That aside, invalidation on these terms is not appropriate because the European Commission’s reasoned and detailed adequacy decision was based on information about U.S. surveillance practices and laws that the Commission had when the decision was released on July 12, 2016. After reviewing the commitments self-certifying organizations would make under the privacy shield and the enforcement mechanisms available under U.S. law, the Commission said, “the United States ensures an a ...

more

France’s Extraterritorial Interpretation of the Right to be Forgotten Goes to the European Court of Justice

Does the EU’s right to be forgotten extend to the whole world?  The French data protection authority, CNIL, says yes and wants search engines to delist search results which contain information that violates the European Union’s right to be forgotten – not just for French users, not just for European users, but for all users everywhere. Google is prepared to remove offending search results for European users, but balks at removing material globally just because European courts find that it violates European privacy rules. 

more

Promoting the FinTech Revolution

As FinTech has expanded, so has the desire to ensure that the field remains competitive, innovative, and responsive to consumer demands. In our response questionnaire to the European Commission’s Public Consultation on FinTech, we highlight the potential of FinTech for consumers and businesses, and note where current law works to assure innovation and consumer protection. Where new measures might be needed, a harm-based approach to regulation would be optimal both from the perspective of protecting consumers and from the perspective of encouraging adoption of this technology with all of the attendant potential benefits for consumers. Instead of focusing regulation on the technology used to conduct activity, regulators should focus on the activity itself. In doing so, regulators will remain technologically neutral.

more

Chinese Proposed Cross-Border Data Flow Rules Contradict an Emerging International Default Norm for Cross-Border Data Flows

The Cyberspace Administration of China (CAC) recently issued draft “Security Assessment Measures for the Cross-Border Transfer of Personal Information and Important Data.” The draft comes in the context of the Chinese Cybersecurity Law, which is scheduled to be implemented on June 1, 2017.  The National Security Law of China likely also influenced this draft. 

more