Centre for Democracy & Technology Europe

📅 Exciting times ahead! On October 1st, 2024, CDT Europe, together with 38 civil society partners, will co-host the "Tech and Society Summit" to connect with EU policymakers. Check out the draft programme, you might find us at the sessions on engaging civil society and safety beyond surveillance: https://lnkd.in/ezMJMJSw

This is the last edition of our EU Tech Policy Brief before the summer break 🌴 In this edition: 👁️ CDT Europe’s comments on the EU-U.S. Data Privacy Framework, especially the reauthorisation of Section 702 of FISA. 🛡️ Limits on Spyware Technologies: We urge the EU to introduce stringent limits on spyware use. 💬 An explainer why civil society is so important in the monitoring of the Digital Services Act (DSA). ⚖️ Key compliance steps for public authorities deploying high-risk AI systems. 📢 Job Opportunity: Communications Trainee starting in September, deadline to apply is 8 August. For more on EU tech policy and digital rights, check out the full newsletter and sign up: https://lnkd.in/ebKCzXpV

The 2024 European Commission Rule of Law report was released yesterday, bringing to light some deeply concerning findings about the abuse of spyware by law enforcement and intelligence services across the EU. This comes as we learn today that MEP Daniel Freund has become the latest in a series of alarming spyware attacks on EU officials. This incident highlights the urgent need for action, especially as the Rule of Law report reveals gross violations of fundamental rights in several EU countries, raising serious questions about the integrity of our legal systems and the protection of citizens' privacy. Despite these disturbing findings, the European Commission has not put forward specific recommendations to address these critical issues. This lack of action severely undermines trust in the EU's commitment to upholding the rule of law. We call on the European Commission to take this issue seriously in the new term: it is imperative to implement concrete measures and ensure robust oversight to prevent further abuses.

🌟 Job Alert: Communications Trainee Are you passionate about protecting human rights and democracy in the digital age? We're looking for a Communications Trainee to join our Brussels office starting early September! As a Communications Trainee, you'll play a key role in promoting human rights and democratic principles online. You'll be involved in shaping our communication strategy, managing social media accounts, creating engaging content, and supporting various advocacy and communications initiatives. This is a unique chance to gain hands-on experience and grow professionally in the field of digital technology policy. Responsibilities: ▪ Assist in shaping CDT Europe's communication strategy ▪ Help managing our social media accounts (Twitter, LinkedIn, Mastodon) ▪ Create and plan social media content ▪ Design visuals for social media ▪ Monitor communications trends ▪ Support in drafting and disseminating of the monthly newsletter ▪ Help organising events and support press work ▪ Monitor media and relevant articles Qualifications: ▪ Experience in social media management and communications ▪ Knowledge of visual design tools (e.g., Canva) ▪ Interest in digital technology policy and human rights ▪ Excellent verbal and written communication skills in English; other languages are a plus ▪ High creativity, energy, and motivation ▪ Good organisational skills and attention to detail ▪ Permit to work and live in Belgium and the EU. Compensation: ▪ Paid position for at least 6 months, with the possibility of renewal. ▪ Salary up to EUR 1200/month under the “Convention d’immersion Professionnelle” framework. ▪ Lunch vouchers and transportation covered 📅 Deadline to apply: Thursday, 8 August, 2024 Submit your cover letter and CV to hr@cdt.org. For more information, see here: https://lnkd.in/gN7_Tpx7 #CommunicationsTrainee #JobAlert #HumanRights #DigitalPolicy

Today, the EU Consumer Protection Cooperation Network - a network of consumer protection authorities -  sent a letter to Meta showcasing their concerns about “pay or okay”. Not long ago, the European Data Protection Board suggested that the "pay or okay" model offered by Meta which gave users a choice between consenting to behavioural advertising or paying may flout data protection rules. The European Commission alongside national consumer protection authorities now say it may flout consumer protection laws, too. The EDPB opinion suggested in April this year that a binary choice between pay or okay would hardly be a genuine one, and in some cases may fall short of the consent required by data protection laws. Even before the opinion was issued, regional efforts to investigate the implications of Meta’s pay or okay under EU consumer protection law were already underway. In 2023, consumer protection authorities started separate, coordinated action to assess if there were misleading practices at play under consumer laws. Their concerns encompassed a range of issues, including :  🚩 The description of services as “free” when it allows Meta to generate revenue off users’ personal data 🚩 The absence of straightforward avenues for users to understand how their data is used  🚩 Using imprecise terms, such as “information” to describe “personal data” 🚩 The lack of sufficient time for users to make a genuine choice between pay or okay Meta will have until 1 September 2024 to respond to the letter, failing which consumer protection authorities may take enforcement action. The conduct of online platforms engages multiple legal frameworks and authorities. We will continue to monitor these developments closely, stay tuned! #PayOrOk #ConsumerProtection #OnlinePlatforms

At the request of the European Commission, CDT Europe and Center for Democracy & Technology submitted a letter explaining key changes in U.S. laws, regulations and practices to inform the Commission’s first annual review of the EU-U.S. Data Privacy Framework. (The DPF is the framework that enables the transfer of personal data between the EU and the U.S. 🇺🇸 ➡️ 🇪🇺.) In the letter we explain: 👉 The reauthorisation of Section 702 of the Foreign Intelligence Surveillance Act (April 2024) expanded the scope of the law so that any US company offering a service of any kind that has access to equipment on which communications are stored or transit can be compelled to comply with FISA 702 directives. 🚨These changes have introduced a high level of uncertainty about the scope of FISA 702 surveillance, and magnify concerns about the lack of safeguards in FISA 702. This then, raises questions as to whether U.S. surveillance laws provide a level of privacy and data protection essentially equivalent to the protection afforded by EU laws. Read our full letter to the European Commission here: https://lnkd.in/e3h6_2nE #surveillance #datatransfers

📢 Public Authorities & the AI Act: What You Need to Know The AI Act isn’t just for tech companies and developers— it applies to public authorities too. Ensuring public trust and safety is paramount and public authorities must lead by example, implementing AI responsibly and transparently. Here’s a deeper dive into their responsibilities, brought to you by our Counsel and Director of the Equity and Data Programme Laura Lázaro Cabrera: Dual Role Considerations: Providers & Deployers 🔷 If you modify or rebrand an AI system, you assume the role of a provider, which comes with extensive obligations. 🔷 Opting to deploy AI can mean fewer compliance burdens, but vigilance is key as several obligations still apply. Managing High-Risk AI Systems 🔷 Ensure robust human oversight and risk reporting mechanisms are in place. 🔷 Maintain representative input data for accurate and fair AI outcomes. 🔷 In terms of biometric ID, observe safeguards and secure necessary authorisations. 🔷 Provide detailed information on your AI systems as mandated by the AI Act. Additional Obligations for Public Authorities: 🔷 Register as deployers of the high-risk AI systems in the EU database. 🔷 Conduct comprehensive assessments on the implications of AI on fundamental rights. Strategic Checklist for Public Authorities considering deploying AI ☑ Determine if the prospective AI system is high-risk. ☑ Ensure the AI system is registered and the instructions are clear and comprehensive. ☑ Ensure your institution is equipped for human oversight, individual notifications and requests for explanation, as well as individual complaints . 🔗 Read our more detailed recommendations here: https://lnkd.in/e2GMZ9ts #AIAct #PublicAuthorities #AICompliance 

Today, the EU's Artificial Intelligence Act is published in the Official Journal, which means it will enter into force on 1 August 2024. 🇪🇺🤖 It's clear that the AI Act is a landmark piece of legislation and it will be looked to as the tone-setter globally. 👉 But where did it land on rights? Whilst human rights and privacy protections run throughout the Act, it left many of civil society's concerns unaddressed. ⚖️ There's still a way to go before many of the Act's provisions become applicable, with the section on prohibited AI practices becoming applicable first six months after entry into force and the full Act applying after two years. We look forward to the Commission and the AI Office working closely with civil society to ensure that the Act reaches its potential to protect fundamental rights, democracy and the rule of law and does truly set a precedent in regulating this novel technology. In the meantime, we've published some in depth analysis of the AI Act, with a series of briefs. 🌐  Part 1 - an overview: https://lnkd.in/gR9-Wruh 🌐 Part 2 - Privacy & Surveillance: https://lnkd.in/dEd9Nhsq 🌐 Part 3 - Freedom of Expression: https://lnkd.in/ec5xTz_T The AI Act is published here: https://lnkd.in/euGfjvqx #AIAct #AI #ArtificialIntelligence

Yesterday, CDT Europe had the privilege of participating in a half-day event organised by Amnesty International and Amnesty International The Netherlands, focusing on the critical intersection of technology, gender, and inequality. This timely event brought together activists, human rights defenders, and experts to delve into the urgent discourse on embedding intersectionality within digital rights work. Key discussions highlighted the concern over surveillance and spyware technologies—a global phenomenon that poses significant threats to human rights defenders, activists, journalists, women and girls, and LGBTQIA+ individuals. The impact of these technologies is far-reaching, exacerbating gender-based violence and affecting equitable access to economic, social, and cultural rights. At CDT Europe, we are closely monitoring these issues and actively advocating for robust policies to protect vulnerable communities from the adverse impacts of surveillance and spyware technologies. We stand committed to defending and promoting digital rights for all, ensuring that technology serves as a tool for empowerment rather than oppression. Thanks again to Amnesty for organising this event! #Spyware #Surveillance #Intersectionality

Don’t miss our latest newsletter - the EU Tech Policy Brief! In it you'll find our insights into the most pressing technology and internet policy issues under debate in Europe and internationally 🇪🇺 🌍 This month’s newsletter takes a deep-dive into: 🎉 CDT Europe’s appointment of Digital Rights Leader Asha Allen as Director and Secretary General! 👁️ A big win on the Child Sexual Abuse Material (CSAM) Regulation with the suspension of the vote by the Belgian Presidency. ⚖️ Our workshop on advancing fundamental rights in the AI Act implementation, where we strategised approaches to ensure human rights remain at the forefront of the roadmap to implementation. For this and everything else you need to know on EU tech policy and digital rights in the last month, have a look at our newsletter: https://lnkd.in/eCyKGgPc