Two years ago, the EDPS had the pleasure and honour to take part in the first high-level event on Data protection in the Western Balkans and Eastern Partnership Region, organised by the OECD SIGMA Programme, the Eastern Partnership Regional Fund for Public Administration by GIZ, the Regional Cooperation Council, and the Regional School of Public Administration. This meeting was unprecedented, and it also led to the first encounter between the high-level representatives from these regions and their EU counterparts during a plenary meeting of the European Data Protection Board.
During the second edition, we took the opportunity to deepen our practical exchanges on artificial intelligence, cross-border data flows, facial recognition, the digital rulebook and cross-regulatory cooperation, amongst others.
Building on these first two fruitful encounters, we had the pleasure to welcome, meet, share with and learn from representatives from data protection authorities (DPAs) and public institutions from Albania, Armenia, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, Serbia and Ukraine.
We welcomed them on 3rd December for a ‘Day at the EDPS’ with the clear ambition to foster ‘hands-on’ discussions on the details of the operational work of our institutions and to have interactive exchanges on our experiences, challenges and needs. Indeed, after high-level exchanges comes the time for more technical and operational discussions on the challenges we are all facing in these uncertain times of rapid technological and geopolitical evolution and tensions.
The event was therefore an opportunity to further strengthen the cooperation and our links with some of the closest partners of the EU.
On behalf of the European Data Protection Supervisor, Mr Wojciech Wiewiórowski, and as acting Secretary General of the EDPS, I had the honour to open the event, welcome all participants and emphasise the strategic relevance of such cooperation projects. The actions that follow are conducive to a better mutual understanding and elevate data protection standards according to shared values and rights.
I also shared a few thoughts on the pan-European data protection landscape. In particular, I called for a swift and rapid entry into force of the Council of Europe’s Protocol modernising the Convention 108 on the processing of personal data. Five ratifications are still missing for the entry into force of Convention 108+, that has the potential to become a global standard on data protection. The swift ratification of this instrument can be promoted by data protection authorities from the European Union, but also from our neighbouring countries and those beyond who are members of the Council of Europe. Time is of the essence in the field of digital regulation and the entry into force should not be delayed any longer.
Lastly, I reiterated that the Spring Conference, i.e. the gathering of DPAs from Greater Europe, is a key forum that EDPS has always supported. Equally, I called for stronger links between the Spring conference and the Council of Europe, and for the Council of Europe to provide institutional support to this informal forum as they need to create a network of data protection authorities in any case, under Convention 108+.
At the end of the day, the EDPS remains convinced there is also a need for bilateral and multilateral cooperation and for increased capacity-building activities between our authorities. DPAs remain small institutions dealing with colossal tasks. We thus need to share expertise, for instance, on the monitoring of new technologies, on investigations techniques and findings, and on policy aspects.
Complementing these opening remarks, a large portion of the meeting was dedicated to discussions on more technical and practical data protection matters. As such, I can only welcome the richness of the exchanges on a wide range of topics of common interest, such as on best practices for advising the legislator - where the EDPS had the opportunity to present our Guidance for co-legislators on key elements to consider when drafting legislative proposals - as well as on the best practices and challenges in relation to technology monitoring.
In particular, I welcomed the deep dive session on best practices and sharing of experiences on investigations, where the EDPS presented the investigation into the use of Microsoft 365 by the European Commission alongside some takeaways from our supervisory activities in the field of law enforcement and border management.
We also touched upon the central question of protecting personal data in the era of artificial intelligence, and presented the EDPS’ new role and functions as supervisor of AI systems in relation to the activities of EU institutions under the EU AI Act.
But what impressed me most was the richness of contributions and exchanges with the participants from these two regions. The possibility to listen and learn from our partners from the Western Balkans and the Eastern Partnership Region on both the opportunities and some of the hurdles they encounter will significantly inform and support the work of the EDPS.
This kind of event truly goes to the core of what cooperation is: the act of working together to reach a common goal.
Again, I am grateful to the organisers and participants from the Western Balkans and the Eastern Partnership for their engagement and thought-provoking contributions. Initiatives like these keep inspiring me.
In times of fragmentation and geopolitical uncertainties, attacks against multilateralism, and regulatory and technological revolutions, the EDPS is more convinced than ever that regulators from Greater Europe and from all over the world need to gather around what we have in common instead of focusing on our differences.
A lot remains to be done, and we are already looking forward to intensifying such cooperation and partnerships further.
