Newsletter (109)


Newsletter (109)

31 days of data protection at the EDPS: what’s happened in our privacy world in May? This month we’ve worked on our plan for AI in the EU institutions and continued to plan for our EDPS Summit: Rethinking data in a democratic society. Sign up to this event and read about our work in this newsletter.  

EDPS Summit: less than one month to go!


Our European Data Protection Summit on “Rethinking data in a democratic society” is less than one month to go! 

Join us online on 20th June 2024 to celebrate the EDPS’ 20th anniversary and to debate on the role of a state in times of ever-growing collection of information about citizens by private and public entities, and the role that data protection can play in modern democracies. 

What else can you expect? 

Amongst the various discussions, debates and events planned, why not join our panel on disinformation and the role of institutions in protecting democracy? Our panellists will discuss the intertwining topics of the newly adopted Digital Service Act and the role of communication in the digital world as a tool to rebuild trust amongst citizens and to fight disinformation. 

Are you an aspiring, novice or experienced data protection officer, or simply interested in the field? Tune into the debate that we are hosting with data protection officers from different industries as they share strategies and experiences of their day-to-day role, how they tackle difficult situations, and handle individuals’ requests. 

Curious about what’s to come in the field of data protection? Join our book club “20 years of data protection. What next?” as we take stock of the EDPS’ 20 years of protecting individuals’ personal data and analyse with our international experts the impact and effect of recent legislative developments, such as the Digital Markets Act, Digital Services Act, looking at the the challenges and opportunities they may bring for the protection of individuals’ rights and freedoms. 

We have lots more planned, check the programme here and sign up to join us online.  

CPDP 17th Edition: all eyes on AI

The European Data Protection Supervisor delivering a speech at CPDP conferences behind a podium and next to plants and flowers

Once again, the EDPS attended the latest edition of the Computers, Privacy and Data Protection conference between 22 to 24 May 2024. Held each year since 2007, this forum brings together over 1400 academics, lawyers, practitioners, policy-makers, industry and civil society from all over the world to discuss the intersection of particular issues with data protection and privacy. 

The EDPS is a long-standing participant and supporter of this forum. Under this year’s CPDP theme “To govern or to be governed, that is the question”, the EDPS partook in a number of panels on artificial intelligence.

In particular, the EDPS organised a panel titled "Challenges and Opportunities of Open-Source Artificial Intelligence". Gathering speakers from the European Commission, open-source initiatives and the private sector, the panel focused on the potential benefits for society of integrating open-source in the development of AI systems. 

Open source initiatives allow for greater transparency in the development of systems, including AI. This could lead to greater clarity and understanding of the software’s components and, in the long term, greater control over these systems, compared to commonly-known AI tools, such as large language models available on the market, that use opaque training methods and unknown datasets.  As such, panellists considered the option of open source AI tools from different angles, notably whether the transparent nature and objective of open source initiatives can contribute to upholding the right to data protection. The debate touched upon the effective application of open source initiatives to protect individuals’ personal data, examining possible procedures, tools and infrastructure.  

After this rich exchange of views with invited experts, a consensus was reached. Transparency of open source AI tools is necessary on three different levels: the need for detailed information about the training datasets; source-code used; and unrestricted access to the model and its parameters.

The development of AI is fast-moving, with new questions, challenges and opportunities to anticipate and tackle. As AI Supervisor of the EU institutions, bodies, offices and agencies, the EDPS is planning its strategic response to AI’s development. International fora, like CPDP, and eye-opening discussions like this panel, helps inform our work. 

Read speech by European Data Protection Supervisor Wojciech Wiewiórowski at CPDP.  

A strategy for AI in the EU institutions

secretary-general and secretaries - general of the EU institutions

It’s happening. The EU’s Artificial Intelligence Act is entering into force in the coming weeks. 

AI tools have potential, bringing new opportunities and enhancing productivity across a variety of sectors and fields, such as healthcare, sustainability, scientific research, private companies, public organisations, including the EU institutions. But, AI tools also present risks; if misused, vulnerable people may be exploited, for example. 

Taking on the role of AI Supervisor of the EU institutions, the EDPS’ job is to ensure that they are prepared. 

Every EU institution, their developers and users need to know the boundaries of these tools. In other words, when to use them, and when not to use them. 

The EDPS has hatched a plan focusing on three key components: governance, risk management and supervision. 

To find out more about the EDPS’ plan, read EDPS Blogpost by Leonardo Cervera Navas. 

20 Talks: Our next guest is... Caroline Sinders

blue background

How does AI shape human relationships? To what extent does AI enrich or restrict artistic expression? What are some of the ethical and legal challenges that arise from using AI in artistic production? 

These are some of the topics that are explored by Caroline Sinders, machine-learning design researcher and artist, in the latest episode of our 20 Talks series in which we interview a diverse selection of leading voices to discuss the influence of data protection and privacy in their field. The episode is out now, have a watch. 

Watch the episode here.

EU-Canada agreement on transfers of Passenger Name Record

a worldmap with flying plane and two dark red passports with white papers and one hand holding a stampler

The EDPS has issued an Opinion on the EU-Canada agreement on transfers of Passenger Name Record (PNR) data. PNR data is information provided by passengers, collected and held by airlines for commercial purposes.

In this EDPS Opinion, published on 29 April 2024, the EDPS reached the conclusion that the draft Agreement contains the necessary safeguards required for it to be compatible with the Charter of Fundamental Rights.

At the same time, the EDPS makes several recommendations with the aim to ensure that the future Agreement would be implemented in compliance with EU law. These recommendations focus on: 

  • the retention of PNR data of departing passengers should be limited and only carried out under certain circumstances;
  • any use of PNR data for the purposes of security and border control checks should be possible only when those checks are carried out to prevent, detect, investigate, or prosecute terrorist offenses or serious transnational crime, and not for other purposes such as immigration control for example;
  • the access to retained PNR data without prior review by a court or independent administrative body should be allowed only in exceptional and duly justified cases.

As the advisor to the EU institutions on legislative proposals impacting data protection, the EDPS considers that the European Commission should pay special attention to these elements, as well as to the exercise of individuals’ data protection rights, during the joint reviews of the envisaged EU-Canada Agreement. 

For detailed explanations and legal reasoning and analysis of this EDPS Opinion, you can read it in full here. 

Data Protection exPLAINed: understanding privacy in 5 videos

logo consisting of a number two in blue and zero in yellow

Untangle the principles of the EU’s data protection regulation, the GDPR, in just 5 videos. 

We’ve just published a series of five videos covering the key principles of this EU-wide data protection law. 

Each video covers 3 concepts in 3 minutes, helping you learn about what makes data processing lawful, what are the limits on AI’s decision based on personal data, what happens in case of personal data breaches, and more. 

Watch the videos whenever and wherever to learn about the GDPR at your own pace. 

#1 - Lawfulness, Accountability and Confidentiality in the EU
#2 - Data Minimisation and Purpose Limitation
#3 - Storage Limitation, Data Accuracy and Interoperability
#4 - Individual Data Protection Rights and Special Categories
#5 - Automated Decision Making, Transfers and Data Breaches 

20 Initiatives to improve data protection


Turning wishes into actions and commitments. As part of its 20th anniversary of existence, the EDPS is working on 20 initiatives to keep up with an evolving digital landscape, to thrive and lead as a modern data protection authority. 

Each month, we publish 5 initiatives tackling different aspects of data protection law.

Amongst other topics, this time we are focusing on:

  • launching a Data Protection Officer certification course
  • an analysis on the use of AI in the field of criminal justice and law enforcement 
  • cross-regulatory cooperation to build a Digital Clearinghouse 2.0

These initiatives are the first building block towards further actions, follow our progress here. 

Use your vote. Make it count.

blue background with hashtag use your vote and dates 6-9 June 2024

On 6-9 June 2024, more than 400 million EU citizens are called upon to vote in the European Parliament’s elections; it is an opportunity for each and every one of us to decide on what the future of the EU should look like.

The European Parliament hosts a number of political parties, each composed of Members of the European Parliament. A total of 705 members are democratically elected in the 27 EU Member States of the EU every 5 years.

In less than a week, it is your chance to make your voice heard for the future of the EU. Your choice has an impact on a number of decisions and laws affecting all EU Member States. Make your voice heard, and make it matter. 

The European Data Protection Supervisor, Wojciech Wiewiórowski, still remembers when his home country, Poland, joined the EU in 2004, and what this meant to him. Watch his video message on the importance of voting this June. 

Watch video message here