Data Protection Insider, Issue 100

Data Protection Insider, Issue 100 - DPI 2

– EDPB-EDPS Joint Opinion on Digital Euro Proposal –

On 17th October, the EDPB and EDPS adopted their ‘Joint Opinion 02/2023 on the Proposal for a Regulation of the European Parliament and of the Council on the establishment of the digital euro’. In the next few months, the European Parliament and the Council will consider the Commission’s proposal for a digital euro. Against this background, the EDPB and EDPS offer their opinion on the proposal and its relation to privacy and data protection. The EDPB and EDPS highlight a number of positive aspects of the proposal – including, for example, ‘that digital users will always have the choice to pay in digital euros or in cash, as well as that the digital euro would not be “programmable money”’ and ‘the efforts made in the Proposal…to minimise the processing of personal data in relation to the digital euro, as well as to embed data protection by design and data protection by default.’ The EDPB and EDPS, however, also note a number of issues with the proposal. The position of the bodies is elaborated under the following headings: i) ‘general remarks’; ii) subject matter and definitions’ – including the observation that certain definitions are missing, such as ‘transactional data’, and others require further clarification; iii) ‘legal tender’; iv) ‘distribution’ – including the observation that processing stemming from the prior approval from a user to link a digital euro account to a fiat account, ‘should not be interpreted as consent in the meaning of the GDPR, but rather as a safeguard of contractual nature’; v) ‘the use of the digital euro as a store of value and as a means of payment’ – including the observation that there is a need to further clarify aspects of necessity and proportionality; vi) ‘technical features’ – including concerns related to fraud detection procedures; vii) ‘Cybersecurity and operational resilience’ – including a recommendation to include further references to relevant cybersecurity legislation; viii) ‘privacy and data protection – including a recommendation to include further specification of the legal bases for several digital euro processing operations; ix) ‘anti-money laundering’ – including suggestions concerning making anti-money laundering measures more proportionate and differentiated; and x) ‘final provisions’. This is a lengthy, and technical opinion and will likely, currently, be of most interest to those already specifically interested in monetary issues – although we foresee that the relevance of, and interest in, the opinion will likely grow with as awareness of the significance of the topic increases with time.

 

– EDPS Issues Opinion on AI Liability –

On 11th October, the EDPS issued an Opinion on the two Commission Proposals on AI liability rules (Liability for Defective Products Directive (PLD) and Adapting non-contractual civil liability to AI Directive (AILD)). The EDPS clearly endorses the objectives of the two proposed Directives, ‘namely to ensure that victims of damage caused by AI enjoy a level of protection equivalent to that enjoyed by persons claiming compensation for damage caused without the involvement of an AI system.’ In his Opinion, the EDPS suggests the following six improvements to the Proposals: (1) an equivalent level of protection in relation to damages as caused by AI produced or deployed by EU institutions, bodies and agencies, on one hand, and by the private entities and national authorities, on the other hand; (2) extending the application of the procedural safeguards in the AILD also to non-high risk AI applications; (3) the provision of information on the AI application ‘in an intelligible and generally understandable form’ and not only the provision of technical information; (4) the explicit specification that the two Proposals are without prejudice to EU data protection rules, especially those concerning the redress mechanism in relation to data protection infringements; (5) the introduction of ‘additional measures to further alleviate the burden of proof’ as ‘a fairer and more balanced approach to address the challenges posed by AI systems to the effectiveness of EU and national liability rules’ and (6) shortening the review periods suggested in the two Proposals.

 

– EDPB Holds 85th Plenary Meeting – 

On 17th October, the EDPB held its 85th Plenary Meeting. Amongst the topics on the agenda, the following are noteworthy:

  1. the ‘EDPB/EDPS Joint Opinion on the Proposal for a Regulation on the establishment of the digital euro’ – see above;
  2. the selection of topic for coordinated action in 2024;
  3. update of the strategic cases;
  4. information on the of the first coordinated action on enforcement; and
  5. request for a mandate for guidelines on telemetry and diagnostic data

About

DPI Editorial Team

Dara Hallinan, Editor: Legal academic working at FIZ Karlsruhe. His specific focus is on the interaction between law, new technologies – particularly ICT and biotech – and society. He studied law in the UK and Germany, completed a Master’s in Human Rights and Democracy in Italy and Estonia and wrote his PhD at the Vrije Universiteit Brussel on the better regulation of genetic privacy in biobanks and genomic research through data protection law. He is also programme director for the annual Computers, Privacy and Data Protection conference.

Diana Dimitrova, Editor: Researcher at FIZ Karlsruhe. Focus on privacy and data protection, especially on rights of data subjects in the Area of Freedom, Security and Justice. Completed her PhD at the VUB on the topic of ‘Data Subject Rights: The rights of access and rectification in the AFSJ’. Previously, legal researcher at KU Leuven and trainee at EDPS. Holds LL.M. in European Law from Leiden University.

Leave a Reply