Paul Breitbarth

Together with my colleagues we looked into the implementation of a number of obligations of both the P2B regulation and DSA by providers of online services in the Netherlands. Providers must comply with the DSA since 17 February 2024 and with the P2B Regulation since 2020. The ACM is the regulator-designate for both laws. Our survey sample among 50 providers showed that steps can be taken to improve compliance with both the DSA and the P2B Regulation. We suspect that many businesses are not fully aware of all the rules. ACM has and will continue providing guidance to providers. In our news item we provide more information on our findings. Businesses and consumers can also file reports with ACM if digital platforms do not fully comply with the rules. These reports help ACM be able to take action effectively once it is fully authorized to do so.

34

Dutch DPA tackles algorithmic discrimination The scandal of 2023 highlighted a serious issue of algorithmic discrimination within government organizations in the Netherlands. In response to these challenges, the Data Protection Authority (AP) became the coordinating supervisor for algorithms and artificial intelligence starting January 2023. AP's collaboration with the European Data Protection Board (EDPB) is crucial for effective oversight, especially concerning major tech companies like TikTok. However, issues arise due to the hiring of private investigative firms to address confidentiality matters, leading to duplication and inefficiency. Increasing AP's budget is recommended to enhance oversight and protect personal data rights more effectively. This will enable a more robust fight against algorithmic discrimination and underscores the importance of regulatory bodies like AP in safeguarding citizens' rights in the digital age. Fighting algorithmic discrimination is key to protecting our rights in the digital world! Source: https://lnkd.in/exGAVZPE #algorythm #Holland #discrimination #EDRB #digitalspace #avitar #data_protection

9

Western countries are rapidly evolving into police states. This is the description of “police state” according to Wikipedia: “A police state describes a state whose government institutions exercise an extreme level of control over civil society and liberties. There is typically little or no distinction between the law and the exercise of political power by the executive, and the deployment of internal security and police forces play a heightened role in governance.” Pay attention! This is defining the current reality of pro-Palestinian people in many countries. The majority is not aware of the erosion in civil rights in these countries. The only way to survive this is to engage in political life, by establishing new political parties, movements and alliances. Civil action will not be sufficient on its own. This is not just about Gaza and the Palestinians anymore. This is about the world you, me and our children will live in.

32

The European Commission is currently soliciting input on its White Paper "How to master Europe's digital infrastructure needs", which lays out the vision for the Digital Networks of the Future, referred to in the White Paper as “Connected Collaborative Computing” (“3C Networks”). What the White Paper does:   It does recognise the intricate relationship between connectivity and computing: connectivity has ensured the decentralized internet and computing has pushed connectivity to new heights (5G, 6G, satellite, fibre, etc.). It does a good job in asserting that, in order to ensure that this symbiotic relationship is healthy, three main factors should be in place: innovation; an appropriate regulatory environment; and, security. What the White Paper does not: The White Paper does not do a good job at recognising the complexity of internet infrastructure, often treating it as if it is the same as telcos' infrastructure. It also does not care about public and expert opinion and insists on network fees. This time around, it seeks to do that in a dishonest way, namely suggesting an unwarranted and unnecessary “dispute resolution mechanism” for the IP interconnection market, something that has been a part of the big European telcos wish list. And, finally, the White Paper is very much written under the notion of digital sovereignty and fails to take into consideration the conversations about connectivity that are right now taking place in the UN under the Global Digital Compact (GDC). Full submission here: https://lnkd.in/evnWp3_e #infrastructure #internet #networkfees #interconnection #telcos #fairshare #GDC

52

New paper out! In our research with Jan-Willem Van Prooijen, we explored how identification with the EU identity influences people's responses to a violent intergroup conflict between two non-EU countries, namely Ukraine and Russia, at different time points. We conclude that while there is some merit to the idea that opposition to the intergroup conflict between non-EU groups predicts a progressive increase in identification with the EU identity, the evidence more clearly supports the notion that identification with EU identity predicts increasingly stronger opposition to intergroup conflict between non-EU countries. You can read our paper here: https://lnkd.in/eT_r2-ag

24

UPDATE ALERT!

4

European Union Agency for Fundamental Rights: #GDPR in #practice – Experiences of data protection authorities’ This report is based on 70 interviews with representatives of data protection authorities from all 27 EU Member States. FRA interviewed the representatives between June 2022 and June 2023. FRA’s report ‘GDPR in practice – Experiences of data protection authorities’ highlights key issues, showcases best practices and suggests solutions: 📍Lack of resources – underfunding and a lack of staff hamper the authorities from fully carrying out their mandates. New EU laws, such as the AI Act or EU border management systems, will create additional tasks for them. These will be difficult to implement without appropriate resources. 📍Supervisory powers – data protection authorities already have investigative powers, but they need more tools to reinforce their supervisory capacity. 📍Exchange of best practices – lacking resources, data protection authorities often need to prioritise complaint handling over other tasks. 📍Consultation and providing advice – data protection authorities are often not consulted on new legislation or given tight deadlines. Some public authorities also do not consult with data protection authorities before launching a data processing operation. To ensure that data protection principles are considered in legislative proposals, EU countries should consult with data protection authorities and seek their advice in advance. They should also encourage public institutions to more systematically consult with data protection authorities. 📍Raising awareness – people do not fully understand their right to personal data. EU institutions and EU countries should promote awareness of data protection rules and obligations. The EDPB should develop specific guidance on data processing involving new technologies. 📍Access to data for research – researchers still struggle to access data, although EU data protection rules allow the processing of data for scientific purposes. The EDPB should develop specific guidance and clarify what is possible under EU law. 📍New technologies – the GDPR provides useful tools to deal with new technological challenges, but many data protection authorities struggle to properly regulate them. Together with data protection authorities, the EDPB should identify specific technology related areas where more clarity is needed. Data protection authorities should work more closely together when advising on new technologies. Link: https://lnkd.in/eYq9iY7t

107

3 Comments

Court permits intelligence agency to investigate political party in germany At Birdwatcher Group, we stay at the forefront of intelligence and security developments to provide our clients with the most accurate and relevant insights. A recent ruling by the Oberverwaltungsgericht (Higher Administrative Court) in Münster has significant implications for the security landscape in Germany. The court affirmed the Verfassungsschutz’s (Federal Office for the Protection of the Constitution) decision to label the far-right AfD party as a “Verdachtsfall” (suspected case), enabling enhanced surveillance measures such as wiretapping and informant deployment. This decision underscores the critical role of intelligence agencies in safeguarding democratic values against extremist threats. Key Takeaways: - The ruling validates the Verfassungsschutz’s findings of substantial evidence that AfD actions undermine democratic principles and promote discrimination. - Enhanced monitoring is now legally sanctioned, reflecting the judiciary's recognition of the AfD’s radicalization over recent years. - This decision is pivotal as Germany contemplates further measures, including potential party bans, particularly with upcoming elections in mind. At Birdwatcher Group, we understand the complexities of balancing security and democratic freedoms. Our expertise in intelligence and security solutions equips organizations to navigate such challenges effectively. There are more countries and intelligence services that have to struggle with this difficult balance. Especially in the Netherlands, where a radical right government is about to be formed, this question has to pop up in certain places. #security #intelligence #AfD Artikel: https://lnkd.in/e8fBWC3q

9

📢 Less than a week until the CPDP Conference in Brussels! Don't miss our very own Aoife Sexton moderating the panel 'The Synthetic Data Spectrum: Where Does Anonymisation Start and Privacy-preserving End?' Join us for insights into the future of privacy and AI. #CPDPconference #SyntheticData #AI #Anonymisation #Privacy

6

For some months I have been discussing and debating with various experts about whether LLMS "contain or store" personal information. Technologists say no, but some data protection experts have maintained that "tokens" and how they may correlate with each other to spit our personal information are therefore personal information. (This is separate from the question of does a LLM produce personal information in response to a query). I have also been of the view that the model does store personal information in this statistical format. This opinion from the Hamburg DPA is very helpful and provides an analysis of why the tokens and associations in the model should not be viewed as personal information. I am still trying to get my head around how knowledge about correlations of parts of words that a query can assemble into personal information are not actually simply by definition personal information, but the DPA provides a compelling perspective. In the comments I am posting some alternative views that are usful to understand this debate. See blog by David Rosenthal in particular. https://lnkd.in/evGS2nai?

51

9 Comments

Council of the European Union: Data protection: Council agrees position on #GDPR #enforcement #rules The Council today reached an agreement on a common member states’ position on a new law which will improve cooperation between national data protection authorities when they enforce the General Data Protection Regulation (GDPR). Once adopted, the regulation will provide tools to speed up the process of handling cross-border complaints filed by citizens or organisations, and any follow-up investigations. This is notably thanks to the harmonisation of the requirements for a cross-border action to be admissible. Wherever in the EU a citizen files a complaint relating to cross-border data processing, the admissibility will be judged on the basis of the same information.

87

1 Comment

In today's post on the blog, Henry B. examines media control in the EU through two case studies. Read the full post here: https://lnkd.in/eWaMNXYZ

6

📚 Recently published: 'The Effectiveness of Human Rights in a Multilevel Legal Order Under Threat?'❗ 🔍 About the book: 'The Effectiveness of Human Rights in a Multilevel Legal Order Under Threat?' by Jasper Krommendijk provides an in-depth analysis of the effectiveness of human rights within a multilevel legal system. This book, an extended version of Krommendijk's inaugural lecture at Radboud University, delves into the growing skepticism and critical debate surrounding human rights laws. Krommendijk argues that human rights norms are often perceived as under threat and stresses the importance of both doctrinal legal research and empirical research to understand when and why human rights are effective. This book is essential for anyone invested in the future of human rights, offering insights that are both profound and practical for safeguarding the multilevel human rights system. 💡 Important insights: - A combined approach of doctrinal and empirical research is essential to ensure the effectiveness of human rights. - The book provides practical insights for maintaining and improving the multilevel human rights system. 📚 Get your copy: https://lnkd.in/eRZkxz3D 🗣️ Start the conversation: What role do legal professionals play in ensuring the effectiveness of human rights? Share your insights in the comments below! 👇

22

Exculpation à la Belgique In a recent decision, the Belgian #Data #Protection #Authority (Autorité de protection des données, #APD) emphasizes the support obligations of the #controller towards its data protection officer (#DPO). At the same time, it makes it clear that if the controller does not meet these obligations, the data protection officer is consequently unable to fully fulfill his or her tasks and there are data protection breaches as a result, the controller cannot exculpate himself or herself by referring to corresponding omissions on the part of his or her DPO. 👏 The Belgian supervisory authority has clearly made it clear to controllers that it is not enough to simply have a DPO on paper. The DPO must be supported and equipped in accordance with the requirements of the #GDPR. It is therefore not the external appearance but the actual situation that counts. ❓ A good judgment for all DPOs. I just don't understand why this type of litigation still has to be conducted. Surely controllers should be aware by now of the requirements that need to be met under the GDPR? https://lnkd.in/ewQhwebn

4

Algorithmically-based decisions become more and more common. The famous COMPAS case where offenders were sentenced etc. partly based on an algorithmically-based prediction of whether they would recidivate sparked a tremendous interest in algorithmic discrimination and fairness. One proposed fairness criterion is calibration across groups. Basically in the COMPAS case calibration across groups means that a given risk score implies the same probability of recidivating whichever group the offender belongs to. In a forthcoming article in Law and Philosophy I criticize calibration appealing to how we think of fairness in the context of audit studies. (A brief piece in Danish - "Kan en 'diskriminerende' algoritme være fair?' - that sums up the argument has been published on https://lnkd.in/dwr9R5Hi). Thanks to Danmarks Grundforskningsfond / The Danish National Research Foundation for support!

32

4 Comments

The latest proposal by the Belgian Presidency on the #CSARegulation is dangerous:  ❌ Confronting users with a binary choice of either agreeing to having their private chats scanned for child sexual abuse or not allowing them to share and receive images, videos or URLs would de facto lead to the introduction of client-side scanning. This would severely undermine the robust protection that end-to-end encryption provides to people’s privacy and security, while increasing the likelihood of privacy breaches. With this proposal, the Belgian Presidency seems to have once again fallen into the trap of choosing safety over privacy rights, when the ultimate goal should be to balance both in a way that effectively protects children while guaranteeing the right to privacy of all users. This is why CCIA Europe and a coalition of other industry associations have issued an urgent call on Member States to protect both safety and privacy in the Council’s position, and to strongly preserve the integrity of end-to-end encryption and confidentiality of communications. You can read the joint call 👇 #privacy #CCIAeurope #EUvsChildSexualAbuse #CSAR 

21

The European Commission is taking bold steps to tackle climate risks, emphasising the need for evidence-based decisions. Their latest communication calls for coordinated efforts to protect society and ensure access to basic services. Read more about the European Commission's approach and the role of MYRIAD-EU's multi-risk assessment framework: https://lnkd.in/gN5r-4RD #ReducingRisksTogether #ClimateAction #H2020 #EuropeanCommission #MYRIADEU #ClimateRiskManagement

3

FIOD press releases - necessary or just harmful? FIOD press releases often include sensitive information that can lead to public stigmatization of suspects before they have had a chance to respond. I this blog I argue for a more balanced approach that respects the privacy of individuals and avoids potential harm to their personal and professional lives. The FIOD should consider less invasive methods of keeping the public informed about their investigations, ensuring that the justice system retains its integrity while protecting individual rights! #Corruption #FIOD #NoTrialByMedia #Privacy #Vaklunch Hertoghs advocaten

35

1 Comment