EU Tech Policy Brief: Spring 2024 Edition

Welcome back to the Centre for Democracy & Technology Europe‘s Tech Policy Brief. This spring edition covers March and April’s most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on the impact to digital rights. To sign up for CDT Europe’s AI newsletter, please visit our website.

Do not hesitate to contact our team in Brussels: Asha Allen, Silvia Lorenzo Perez, Laura Lazaro Cabrera, Aimée Duprat-Macabies, David Klotsonis, and Jonathan Schmidt.

UPCOMING EVENT: Exploring Ways Forward to Combat Spyware in the EU

On 15 May, CDT Europe is organising an online high-level event addressing the aftermath of the Pegasus spyware scandal and its worldwide impact. In 2021, the Pegasus scandal sent shockwaves around the world, shedding light on the dangers of government surveillance enabled by modern technologies. Despite multiple calls for action, meaningful progress at the EU level remains elusive, prompting civil society to take the lead in advocating for human-rights protective approaches. 

As EU elections approach, our panel of experts — key institutional representatives from the EU and around the globe — will delve into the urgent need for regulatory action against the misuse of spyware technologies in the upcoming legislative term. For more details, and to RSVP, visit CDT’s website.

The AI Act Fails To Meet The Bar On Human Rights Protection 

On 13 March, the European Parliament approved the AI Act. Despite the Act’s ambitions to set a global standard that would robustly protect human rights, the end result falls frustratingly short. Initially promising parts of the Act, such as the requirement to carry out fundamental rights impact assessments, and the prohibitions on certain types and uses of AI systems, are either far too watered-down or limited in scope. 

The Act takes a landmark step by creating a range of obligations for providers of high-risk AI, but a loophole would allow providers to self-assess their AI system out of the high-risk category and ultimately allow them to circumvent their responsibilities. 

For a comprehensive understanding of the landmark regulation, we’ve put together a few explainers: the first is an in-depth overview of the EU AI Act, and the second delves into the Act’s privacy and surveillance issues. Stay tuned for the next explainer!

The Digital Services Act Civil Society Coordination Group Gathers to Develop Recommendations

On 17 April, CDT Europe and the Open Government Partnership held the fifth event in the Civil Society Roundtable series in Brussels. Supported by the Belgian Presidency of the Council of the European Union, the event brought together over 90 participants from EU Member States, institutional and national regulator representatives, and a diverse coalition of civil society organisations, academics, and technologists for discussions on the Digital Services Act’s implementation.

In technical workshops covering different areas of the DSA, partners from CDT Europe’s DSA Civil Society Coordination Group led participants in developing recommendations for how stakeholders can more formally cooperate.

A few key insights emerged: for civil society to successfully play a role in implementing and enforcing the DSA, it must be able to equitably participate in the process. That will require a clearer, formal mechanism for consultation and cooperation between institutional actors and civil society organisations, in part to ensure effective resource allocation. More clarity is also needed regarding how institutional actors will collaborate on enforcement of the DSA, and the overall timeline on which that enforcement will occur. 

As the DSA sets regulatory trends worldwide, other jurisdictions will increasingly look to the EU for lessons on how to design and implement rules for platform governance. In that context, a human rights-first approach that includes strong and meaningful collaboration with civil society is vital.

Examining the Impacts of Digital Regulations on Human Rights and Freedom of Expression

On 19 March, CDT Europe and Future for Free Speech held a symposium on the far-reaching impacts on human rights of legislation such as the AI Act and Digital Services Act (DSA). 

Laura Lazaro Cabrera, CDT Europe’s Counsel and Programme Director for Equity and Data, moderated a panel focused on the AI Act’s pathway to adoption. Participants discussed key requests civil society made throughout the negotiations: those included strengthening the prohibitions on AI systems that present unacceptable risks, and ensuring that high-risk deployments of AI systems were comprehensively identified. Discussants also explored how the Act’s final text was generally received by the broad range of stakeholders engaged in the negotiation process. 

Panellists highlighted the Act’s obligation for AI systems to undergo fundamental rights impact assessments, and its prohibitions on select AI systems, as positive steps towards protecting human rights. The panel also discussed some of the shortcomings of the Act, including the loophole allowing providers to self-assess the risk category of their AI systems, and the exceptions from prohibitions of AI systems.

Another session focused on what the DSA will mean for free expression. Asha Allen, Acting Director of the CDT Europe Office and Programme Director for Online Expression, reflected on what the regulation gets right and where challenges remain. Panellists explored how key provisions are being implemented, and what stakeholders need to ensure the DSA’s regulatory success. Participants also discussed how to monitor effective, human-rights centred enforcement of the DSA, and prevent a race to the bottom in terms of both industry compliance and enforcement overreach by supervisory authorities. You can watch the full event on Future for Free Speech’s website.

How Can Civil Society Best Shape General-Purpose AI Regulations?

At a civil society workshop on 24 April, co-organised by the Ada Lovelace Institute and SaferAI, general-purpose AI took centre stage. The workshop focused on how the AI Act governs general-purpose AI models and the upcoming process the AI Office will lead to develop industry standards (codes of practice) for those models. CDT Europe’s Asha Allen highlighted the lessons learned from civil society’s involvement in the process for ensuring DSA compliance with the EU Code of Conduct. 

Participants raised concerns about the process for drafting the codes of practice, which will be constrained to a tight nine-month timeline with limited civil society involvement. This could result in disproportionate influence from the private sector, and significant risks being overlooked. Civil society therefore needs to ensure ways to provide meaningful and influential input, to potentially include civil society crafting a “shadow” version of the codes of practice that more comprehensively addresses risk concerns.

The Case For Regulating Spyware Technologies

Following the recent revelation that almost 600 people were targeted with Pegasus spyware under the former Polish government, the issue of spyware surveillance took on renewed importance. CDT Europe’s Programme Director on Security, Surveillance, and Human Rights, Silvia Lorenzo Perez, spoke on those developments and how to regulate the spyware technologies at the European Cyber Agora, hosted by the German Marshall Fund of the United States. 

Silvia highlighted the critical need for precise definitions within legal frameworks, which adapt to the evolving landscape and safeguard human rights in the digital sphere. By narrowly defining the concept of cyber mercenaries to solely implicate individual actors, developers, or vendors, states evade accountability for their own actions. The Pegasus scandal revealed that governments are misusing cyber tools and spyware against their citizens both domestically and internationally; she argued that these states must be held accountable. 

While the “Pall Mall Process” is commendable in combating spyware proliferation, it should not become a missed opportunity to address profound human rights concerns. Meaningful civil society involvement in the process is key: NGOs must have a seat at the table, to amplify the voices of those affected by spyware. CDT Europe is committed to closely monitoring developments in this sphere, ensuring that fundamental rights remain at the forefront of regulatory efforts.

The CDT Europe Team Continues to Grow

We are thrilled to extend a warm welcome to our newest team members, Aimée Duprat-Macabies and Jonathan Schmidt! Aimée joins us as our Advocacy and Communications Officer, bringing her expertise and passion for effective communication to our mission. Jonathan is joining as an AI Fellow; his expertise in artificial intelligence will undoubtedly enrich our research initiatives and further our understanding of this rapidly evolving field.

Congratulations are also in order for David Klotsonis, who has been promoted to Policy and Research Officer. David’s dedication and insightful contributions have been invaluable to our organisation, and we are excited to see him continue to thrive in this new role.

🗞️ Press Corner 

Other CDT Europe Publications and Activities