EDPS 'Concerned' About Data Privacy Framework as Europe Publishes Annual Reports
European Data Protection Supervisor Wojciech Wiewiorowski is worried about what's going on in the U.S. and its potential effect on the EU-U.S. Data Privacy Framework (DPF), he said Wednesday at a streamed Brussels briefing on the EDPS' 2024 annual report.
Sign up for a free preview to unlock the rest of this article
Wiewiorowski was asked whether the EDPS and/or the European Data Protection Board (EDPB) could intervene if the European Commission preferred not to rock the boat after President Donald Trump fired members of the FTC and Privacy and Civil Liberties Oversight Board. Wiewiorowski said he's aware the EC is monitoring the situation closely. Nevertheless, he said, it's significant that among the hundreds of Biden administration executive orders that Trump set aside, he hasn't revoked the order on the DPF.
In addition, the EDPS said, the DPF isn't conditional on the FTC having a full panel. The changes at the agency pose some problems, but mostly for the office's U.S. colleagues, he said. However, he added, "I'm very concerned" about what's happening, and he hopes that colleagues who attend this week's IAPP meeting in Washington will return with more information.
Among other activities in 2024, the EDPS reported, it created an AI unit and rolled out an AI strategy based on governance, risk management and supervision as the office took on its new role as a market surveillance authority for the supervision of AI systems.
Last year, the EDPS said, it issued a record number of legislative consultations to advise the European Parliament and Council on the privacy aspects of upcoming EU regulations. The office also doubled down on supervision and enforcement actions to ensure that EU bodies complied with data protection laws. The EDPS also continued its cooperation with the EDPB and global bodies such as G7 data protection and privacy authorities, it noted.
The European Data Protection Board's 2024 annual report, also published Wednesday, noted its continuing efforts to strengthen, modernize and harmonize data protection across Europe.
Among other things, EDPB Chair Anu Talus wrote, the board noted a sharp increase in the number of requests for opinions on questions of general application under the General Data Protection Regulation (GDPR), such as the validity of "consent or pay" models used by large online platforms. Such opinions are an important tool for creating consistency on privacy issues at an early stage, she said. Last year, the board also issued opinions on the use of facial recognition at airports and the use of personal data to train AI models (see 2412180004), among other topics.
New digital laws such as the Digital Markets Act, Digital Services Act, AI Act, Governance Act and Data Act have gone into effect recently, Talus noted. All are built on "the foundation laid by the GDPR." She predicted that fairness, contestability and the protection of fundamental rights will increasingly need to be approached from multiple regulatory angles, which "requires seamless cross-regulatory collaboration."