Enforcement phase begins for EU digital laws
For some years, we have seen much GDPR enforcement both at the national and EU level, although some countries are more active than others. The EU’s new digital package means that there are now a multitude of digital laws to enforce, and ensure that they operate in the intended way with the GDPR which is the underlying regulation.
Recently, there have been interesting developments in this field. The ever-so-active noyb made complaints about Meta’s AI training practices to 11 DPAs whose intervention put a stop to Meta’s plans for now, and the EU Commission is looking into applying the Digital Markets Act in the area of pay or consent.
Civil society is playing an increasingly important role – consumer organisations have also challenged Meta over Pay or Consent. EDRi’s action on LinkedIn’s targeting of adverts based on sensitive personal data has already been successful.
In May, the European Commission decided to open infringement procedures by sending a letter of formal notice to 18 Member States that did not designate the responsible authorities to implement the Data Governance Act which facilitates data sharing across sectors and EU countries. Authorities also need to be appointed in Member States, in quite a short timescale, to become responsible for AI as per the EU AI Act. In some countries, the existing data protection supervisors may become AI authorities but this is not necessarily the case everywhere.
The EU AI Act was published in the EU Official Journal on 12 July 2024 and will be in force from 1 August. Most of its provisions will become applicable from 2 August 2026. This world-first Act may influence AI governance globally in many different ways – read analysis by Graham Greenleaf.
Laura Linkomies
Editor, Privacy Laws & Business
August 2024
Previous |
Contents |
Next |