Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
The month of August kicked off with the entry into application of yet another set of EU Artificial Intelligence Act obligations. Beginning 2 Aug., providers that want to place their general-purpose AI models on the EU market must ensure their models are compliant with the act's transparency and copyright obligations. Models that present systemic risk are subject to additional obligations.
EU member states were also required to fulfill a set of obligations under the EU AI Act by 2 Aug. — establishing rules on monetary penalties and other enforcement measures and designating their national competent authorities. Despite the deadline passing, many EU countries are still in the process of selecting the bodies that will be responsible for implementation and enforcement of the regulation. The status of such designations can be tracked in the IAPP EU AI Act Regulatory Directory.
EU institutions took a slower pace during August and the annual summer recess. There was no snoozing for certain topics, however.
Digital matters came up in recent EU-U.S. trade talks, which led to an Agreement on Reciprocal, Fair, and Balanced Trade on 21 Aug. However, the discussion on its possible impact on the EU's digital rulebook continues. One of the agreement's terms is about the U.S. and EU addressing "unjustified digital trade barriers."
Over the past few days, we heard comments from over the Atlantic on zero tolerance for foreign digital legislation that harms U.S. companies. Meanwhile, French President Emmanuel Macron suggested that Brussels should focus on addressing its service deficit in the digital sector. A question legitimately arises whether the work on the Framework Agreement is going to affect, slow down, or otherwise hinder the enforcement of European digital rules such as the Digital Services Act and the Digital Markets Act.
The European Commission says no. In this week's press briefing, President Ursula von der Leyen's spokespersons clarified there will be no changes to the EU's digital rulebook as Europe has a sovereign right to regulate economic activities on its territory.
The end of summer also means the summer recess is wrapping up. Next week is already looking busy as the Court of Justice of the European Union is expected to deliver two significant decisions.
The first will come from the General Court on 3 Sept. and concerns the Latombe v. the Commissioncase. Member of French Parliament Phillipe Latombe is challenging the validity of the EU–U.S. Data Privacy Framework, which has now been in place for two years, following the invalidation of its predecessor, the Privacy Shield, in the Schrems II case. The ruling and its impact on international data transfers will be discussed in more detail during a 4 Sept. IAPP LinkedIn Live titled "EU-U.S. Data Transfers: Reaction to the Latombe Judgment."
The European Court of Justice will deliver its judgment in the European Data Protection Supervisor v. Single Resolution Boardcase 4 Sept. Here, the definition of personal data has been brought into question in relation to pseudonymized personal data. It will be interesting to see whether the court will follow the opinion published by CJEU Advocate General Dean Spielmann earlier this year.
It also remains to be seen whether the end of summer will bring an end to the prolonged selection process of the new European Data Protection Supervisor — we're nine months into the selection process, which turned out to be more political than ever before.
Laura Pliauškaitė is European operations coordinator for the IAPP.
This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
