Nov 302023

Insights from the IAPP Europe Data Protection Congress: Regulatory Convergence on AI and Sidley’s Women in Privacy Networking Lunch

Francesca Blythe, Monika Zdzieborska, Lauren Cuyvers and Bronwyn Tonelli
, , , , ,

The International Association of Privacy Professionals (IAPP) held its annual Europe Data Protection Congress in Brussels on November 15 & 16, 2023. Whilst the Congress covered a wide range of topics related to privacy, cybersecurity and the regulation of data more broadly, unsurprisingly a recurring theme throughout was the responsible development, commercialization and use of AI. In this regard panelists explored (amongst other things) what practical and effective AI governance may look like, the role of a Digital Ethics Officer, how to strike a balance between enabling innovation and safeguarding individual rights, and how AI may be used to automate data breach detection and response.

Monika Zdzieborska, Senior Managing Associate in Sidley’s Competition team, participated in a panel discussion entitled “Navigating the Intersection Between Privacy and Antitrust.” She and her co-panelists Teresa Basile, Romana Hajnovicova and Giorgia Vulcano considered how competition law and privacy are evolving as data ecosystems become more ubiquitous. While there are still open questions on the potential for conflicting aims and outcomes between the two regimes (such as “privacy washing” or privacy-related concerns around data-sharing obligations), the panelists noted that agencies around the world are taking important steps to achieve a more joined-up approach to digital regulation and enforcement. Given that digital technologies – and AI in particular – bring up issues that fall under the remit of several regulators, it is imperative that regulators:

  • Engage in structured inter-agency cooperation – in the UK, the Digital Regulation Cooperation Forum (DRCF) – a body that brings together four main UK regulators that cover digital services – leads the way in such cross-disciplinary collaboration. A similar cooperation platform, the Digital Regulation Cooperation Platform (SDT) was launched in the Netherlands. At EU level, the High-Level Advisory Group on the Digital Markets Act, which includes both the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS), could serve as a forum for future coordination. For now, these bodies only have advisory functions without any decision-making powers, but this may change in the future. For example, the DRCF’s AI and Digital Hub will be launched early next year in the UK. This is a pilot of a new multi-regulator interface that will allow companies to direct their questions to all four UK regulators through a single point of access and receive tailored support in return.
  • Develop closer ties with their international counterparts – in addition to horizontal coordination between national agencies, we have also seen agencies around the world finding new ways of working together. Earlier this year, the International Network for Digital Regulation Cooperation – which aims at fostering discussion between regulators on matters of coherence across digital regimes – was launched. Further, the EDPB created a task force charged with identifying ways to boost cooperation between national data protection and competition authorities, and how they interact with EU authorities. Developing international standards pertaining to digital regulation will be perhaps one of the biggest tasks in the coming years.
  • Invest in robust technological expertise – finally, to work effectively together, regulators must have the necessary tools to understand fully the issues at play. To build such understanding, the agencies should: (i) invest in robust in-house data and intelligence units to be able to engage in effective dialogue with industry, and (ii) encourage honest dialogue – including through incentive mechanisms to allow companies to exchange information in a safe environment – with industry to develop a better understanding of the underlying technologies and potential issues.

The growing interplay between competition law and privacy is resulting in increased inter-agency information sharing and joint investigations. Companies should be alert to the potential risks and prepare accordingly. Businesses should consider taking the following steps: (i) ensure close and early (e.g., at the stage of product/service creation) cooperation between in-house competition and data protection teams; (ii) monitor how this information provided in response to a consultation or a request for information is presented and who it might be subsequently shared with, and (iii) carefully consider the confidentiality of the submissions and how information may be used by other regulators.

In parallel to the Congress, Sidley hosted a Women in Privacy (WIP) Networking Lunch on November 15, 2023. The lunch, which was attended by female professionals in the field of privacy and cybersecurity, featured two Q&As. The first featured a discussion with Neema Singh Guliani, Deputy Assistant Secretary for Services in the International Trade Administration, hosted by Francesca Blythe, partner in Sidley’s European Privacy and Cybersecurity team. The discussion was focused primarily on the successful implementation of the EU-U.S. Data Privacy Framework, and the U.S. Department of Commerce’s role in supporting global data transfers. The second featured a discussion with Sophia Ignatidou, Group Manager for AI and Data Science at the UK Information Commissioner’s Office, hosted by Lauren Cuyvers, Senior Managing Associate in Sidley’s European Privacy and Cybersecurity team. The discussion was focused primarily on the risk and causes of bias and discrimination in AI, the importance of the fairness principle in AI governance, and how diversified and/or synthetic data sets could reduce these risks.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Francesca Blythe

London

fblythe@sidley.com

Monika Zdzieborska

London

mzdzieborska@sidley.com

Lauren Cuyvers

Brussels

lcuyvers@sidley.com

Bronwyn Tonelli

Trainee Solicitor

btonelli@sidley.com

You might also like
Top 10 Questions on the EU AI Act

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.

EU Formally Adopts Cyber Law for Connected Products

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“CRA”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“PDE”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties.

Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity
The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Software Security by Design,’ a global approach to policy on artificial intelligence, and more. Sidley partner Alan Charles Raul is a contributing editor to both guides in addition to authoring the introductions. The UK chapters of Cybersecurity 2024, covering “UK Law and Practice” and “UK Trends and Development” were authored by Sidley lawyers William Long, Francesca Blythe, Denise Kara, and Eleanor Dodding.