Over the course of this year, there have been several significant advancements in the world of data protection across the EU and the UK. In this article, we will present some of the major milestones of 2023.
In early 2023, CNIL reminded organizations to stay updated on data protection laws and adapt practices to the updated regulations for data transfer agreements to ensure compliance.
At the start of 2023, the previous standard contractual clauses, which were commonly used in data transfer agreements, could no longer be used. The French data protection authority, CNIL, issued a reminder about this matter. These standard contractual clauses played a crucial role in ensuring the legality and security of international data transfers. Organizations that relied on these clauses needed to revise their data transfer agreements to ensure compliance with the updated regulations. This development demonstrated the constant evolution of data protection laws, highlighting the need for businesses to stay informed and adapt their practices accordingly.
The EU Council released the Cyber Resilience Act to establish a unified framework for cyber resilience and enhance EU cybersecurity.
In February, the EU Council released the compromise text of the Cyber Resilience Act, an important legislation aimed at enhancing cybersecurity measures across the European Union. This act intends to establish a harmonized framework for cyber resilience, encouraging Member States to adopt robust measures to protect critical infrastructure and sensitive data. By setting clear obligations for public and private entities, such as reporting cybersecurity incidents and implementing effective risk management strategies, the Act seeks to strengthen Europe’s cyber defenses and ensure a high level of cybersecurity across various sectors. With its release, the EU Council showed its commitment to addressing the growing threat of cyberattacks and safeguarding the digital landscape within the European Union.
The EDPB welcomed EU-US data privacy advancements while emphasizing the need for strong safeguards, enforcement, monitoring, and evaluations to protect individual privacy rights.
By March, the European Data Protection Board (EDPB) had expressed their welcoming sentiments towards the advancements made in the EU-US data privacy framework. The EDPB acknowledged the importance of protecting personal data when it is transferred across borders, but emphasized the need for robust safeguards and enforcement mechanisms to ensure the privacy rights of individuals are adequately protected. The board also stressed the importance of close monitoring and periodic evaluations of the framework to address any potential shortcomings and adapt to technological advancements. Overall, while the advancements in the EU-US data privacy framework were viewed positively, the EDPB remained vigilant in addressing concerns and ensuring the highest level of data protection for individuals.
Following the EDPB’s initial concerns, the framework was finally adopted in October, marking an important milestone in transatlantic data transfers. This decision signifies that the European Union recognizes the data protection standards in the United States as being equivalent to those in the EU, ensuring that personal data can flow freely between the two jurisdictions while maintaining a high level of protection. The decision is expected to bolster international business relations and strengthen privacy rights for individuals, bridging the gap between privacy regulations in Europe and America.
The UK government introduced the Digital Markets Bill in May to regulate tech giants, address concerns of dominance and anti-competitive practices, and foster innovation in the digital marketplace.
In May, the UK took a significant step in regulating tech giants and promoting competition with the introduction of the Digital Markets Bill. This bill, introduced by the government, aims to address concerns of the dominance of tech giants and their potential anti-competitive practices. By implementing a comprehensive regulatory framework, the UK sought to ensure fair competition, protect consumer interests, and foster innovation in the digital marketplace. The Digital Markets Bill represents a proactive approach by the UK government to create a level playing field and strike a balance between the power of tech giants and the need for a competitive digital economy.
The ICO took steps to establish guidelines for online services processing children’s personal data, prioritizing their safety and promoting responsible use.
This June, the Information Commissioner’s Office (ICO) undertook the advancement of the Children’s Code, which aims to set standards for online services that process children’s personal data. The Code highlights the need for platforms to design services with the best interests of children in mind, ensuring that their personal information is handled safely and used responsibly. Through conducting research and producing reports, the ICO continues to work to improve the protection of children’s data and enhance their digital experiences.
In November 2023, EU lawmakers discussed the revised governance structure of the EU AI Act to establish a transparent and ethically-driven framework for responsible development and deployment of AI systems in the EU.
In November 2023, EU lawmakers convened to discuss the revised governance structure of the EU AI Act. The EU AI Act plays a crucial role in the regulation and development of artificial intelligence within the European Union. The proposed changes to the governance structure aim to ensure effective and transparent decision-making processes, foster compliance with ethical considerations, and promote accountability in the deployment and use of AI technologies. This meeting marked a significant step forward in the EU’s effort to establish a robust framework for the responsible development and deployment of AI systems across Member States.
In 2023, the Aphaia team continued to work diligently towards its mission of elevating our clients’ data protection standards.
Wrapping up an eventful year, the Aphaia team has been anything but idle. Throughout 2023, we’ve actively assisted numerous clients in navigating the intricacies of the EU-US Data Privacy Framework, seamlessly guiding them through the transition. Beyond our consultancy role, we’ve also passionately engaged in conversations, trainings and projects concerning AI ethics, shedding light on the critical aspects of AI ethics and regulation within European circles.
As staunch advocates for privacy, we’ve diligently monitored the evolving landscape of US state data privacy laws, this commitment has led us to curate a comprehensive EU+US privacy support bundle. Adding a personal touch to our endeavors, Aphaia proudly organized two impactful summits in London and Madrid, fostering collaboration and knowledge-sharing among industry experts. Our team has also taken the stage at various speaking engagements, such as our trainings on the Ethics Guidelines for Trustworthy AI in Horizon Europe for Cluster 4 NCPs and for the Spanish Centre for the Development of Industrial Technology or our participation at the 11th International Workshop on Fiber Optics in Access Networks , solidifying our commitment to raising awareness about the legal aspects of new technologies, including the ethical dimensions of artificial intelligence and regulatory considerations in the telecommunications industry.
In response to the increasing demands of our expanding role, we’ve bolstered our team. This growth is a testament to our dedication to ensuring our clients not only achieve compliance but also safeguard their data with unwavering commitment. As we reflect on the milestones of the past year, we look forward to continued collaboration and progress in the ever-evolving landscape of data protection, AI, and telecommunications regulations.
