EU Tech Policy Brief: July 2024

Welcome back to the Centre for Democracy & Technology Europe‘s Tech Policy Brief. This edition covers the most pressing technology and internet policy issues under debate in Europe, the U.S., and internationally, and gives CDT’s perspective on the impact to digital rights. To sign up for CDT Europe’s AI newsletter, please visit our website. Do not hesitate to contact our team in Brussels: Silvia Lorenzo Perez, Laura Lazaro Cabrera, Aimée Duprat-Macabies and David Klotsonis.

CDT Europe Appoints Digital Rights Leader Asha Allen as Director and Secretary General

We are very excited to announce the appointment of Asha Allen as our new Secretary General and Director. Previously CDT Europe’s Deputy Director and Programme Director for Online Expression and Civic Space, Asha Allen is a leading Digital Rights Advocate and brings a wealth of experience in human rights & digital policy. For three years, Allen spearheaded CDT’s engagement on the Digital Services Act and European Democracy Action Plan, and built collaborative civil society engagement in such debates.

Allen brings over 12 years’ experience from across the business, legal, and civil society sectors, and has dedicated her career to advancing human rights in EU and international tech policy. Prior to joining CDT, Allen led advocacy on gender equality and digitalisation for the largest women’s rights umbrella organisation in Europe, published several analyses for institutions such as the OSCE and Council of Europe, and managed international projects in collaboration with UN Women.

“At a crucial moment for the future of technology and human rights, I am delighted that Asha will lead CDT Europe’s important work” commented Peter Hustinx, former European Data Protection Supervisor and chair of CDT Europe’s Board of Directors.

Alexandra Reeve Givens, President and CEO of CDT Global, said, “Asha is an experienced and strategic advocate who has played a leading role in strengthening civil society voices in EU policy debates. Asha’s expertise on fundamental rights and technology policy is second to none.”

👁️ Security, Surveillance & Human Rights

In June, the Belgian Presidency of the Council of the European Union made a final effort to reach common ground on the Child Sexual Abuse Material (CSAM) Regulation before the end of its term. The new approach the Belgian Presidency put forward in March attempted to overcome the proposal’s many issues, particularly those relating to the disproportionate impact of the content detection orders it would allow and the unreliability of detection technologies it would depend upon. 

The latest text seeks to categorise the services based on risk, and only requires content detection orders to apply to services labelled as high-risk. It still includes end-to-end encrypted services within its scope, and requires ‘upload moderation’ (a form of client-side scanning) to scan images and videos before encryption and transmission, conditioning users’ access to specific services on their consent to upload moderation.  

CDT Europe has led in highlighting the inconsistencies of this new approach with EU law and relevant case law. In a widely-publicised briefing, we raised serious concerns regarding the Presidency’s proposal. A couple of days before the final vote on 20 June in the Committee of Permanent Representatives, which is responsible for preparing Council meetings at the ministerial level, CDT Europe sounded the alarm about the risks of moving forward with this approach. We called on the Council to reject the proposal and return to the negotiating table to reach a more balanced position under the auspices of the Hungarian Presidency. CDT Global also signed a statement of the Global Encryption Coalition calling for rejection of the proposal.  

As a result of overwhelming criticism and public outcry to reject the proposal, including from privacy advocate Edward Snowden, the Belgian presidency failed to gather the necessary support from the Member States and decided to suspend the vote. 

The Hungarian Presidency of the Council of the European Union — next in the rotating scheme — has announced their intention to rekindle work on the file as soon as possible, with a view to adopt a general approach by the end of their mandate in December 2024. CDT Europe joined EDRi and 46 civil society organisations in calling for the new Presidency to withdraw the draft CSA Regulation.  We will continue to monitor the negotiations, lending our expertise to all relevant stakeholders in order to reach a compromise that adequately respects the fundamental rights of everyone online. 

Recommended read: The Guardian published an interview with Signal President Meredith Whittaker about encryption regulation, titled “‘You cannot do mass surveillance privately, full stop’: Signal boss hits out at government encryption-busting moves”.

 💬 Online Expression & Civic Space 

In June, the European Council announced that the EU has opened accession negotiations with Ukraine and the Republic of Moldova, meaning that both countries will have to work towards transposing EU law – such as the Digital Services Act (DSA) – into their national law.

In that context – and ahead of the International Conference on Digital Platform Governance organised by UNESCO, which representatives from candidate countries also attended – CDT Europe hosted two expert study groups with government, media, and civil society representatives from Georgia, Armenia, Moldova, and Ukraine at our office in Brussels. The groups were visiting Brussels to meet with the Directorate-General for Communications Networks, Content and Technology the European External Action Service, and selected civil society organisations to learn more about the intricacies of digital regulation in the EU.

Policy and Research Officer David Klotsonis introduced them to CDT Europe’s mission and work, and updated them on EU platform regulation and the role of civil society in digital policy. It was a great opportunity to learn about the challenges that these countries are facing when it comes to transposing the DSA, particularly with regards to the complexity of fighting legal and illegal disinformation, as well as the resourcing of under-funded national regulators.

CDT Europe also attended a multistakeholder event bringing together companies and civil society, organised by the Global Network Initiative and the Digital Trust and Safety Partnership (DTSP), on the DSA’s risk assessment and risk mitigation provisions. The in-depth workshops over two days focussed on past and ongoing risk assessments. The event was an important first step in the right direction for increased civil society engagement as mandated by the DSA.

Recommended read: An article called “The Promise and Perils of Human Rights for Governing Digital Platforms: Symposium Introduction”, part of a symposium on the promise and perils of human rights for governing digital platforms. 

⚖️ Equity and Data 

Ahead of the Artificial Intelligence Act’s publication in the official journal of the European Union in July 2024, and entry into force in early August, CDT Europe held a closed civil society workshop on 18 June to discuss advancing fundamental rights in the implementation of the AI Act. It brought together representatives of key civil society organisations to discuss opportunities and strategic approaches to ensure human rights remain at the forefront of the roadmap to implementation.

Facilitated by Laura Lazaro Cabrera, CDT Europe’s Counsel and Programme Director for Equity and Data, the event delved into lessons learned from the AI Act negotiations and the political landscape post-EU elections, the regulatory ecosystem around the AI Act and key spaces to leverage fundamental rights expertise, as well as the important milestones and opportunities for civil society to monitor and engage with. The participants identified and discussed several crucial areas going forward, including prohibited AI systems, high-risk AI systems, fundamental rights impact assessments, and the forthcoming Codes of Practice for general purpose AI models.

Laura also participated in a panel event aimed at local decision-makers, discussing the legal implications of the Artificial Intelligence Act for cities, regions, and communities. The event was hosted by Living-in.EU, an EU initiative exploring uses of technology by towns, cities, and regions. Laura focused on the role of local authorities within the AI Act taxonomy, delving into the obligations created for both providers and deployers of high-risk AI systems. Noting that local authorities would most likely — but not necessarily — fall into the category of deployers, Laura underscored key obligations applicable to local governments, most notably conducting  fundamental rights impact assessments ahead of deploying high-risk AI systems to document foreseeable risks and harms, likely impacts on people and communities, and internal governance measures taken to address them. 

Overall, public authorities considering deploying AI must ensure that they have robust infrastructure in place to address the requirements of the Act. This must include effective mechanisms to enable appropriate human oversight of any AI system prior to adoption, to receive and address complaints or individual requests for information connected to high-risk AI systems deployed. 

Recommended read: MLex journalist Luca Bertuzzi’s analysis of the AI Liability Directive, “OpenAI, Meta, Anthropic could face civil liability in EU over their AI models”.

🗞️ Press Corner

• Contexte Media reported on our briefing on the CSAM legislation and mentioned our joint letter with EDRi calling for the proposal to be withdrawn.
• MLex quoted CDT Europe’s Silvia Lorenzo Perez (paywalled) on the Belgian Presidency’s latest proposal on the CSAM legislation: “It is very clear that the linguistic changes the Belgian presidency has introduced are not enough to protect encryption in the way France intends to. Article 1.5, when read in conjunction with Article 10a, essentially means the majority of detection orders will weaken and/or circumvent encryption.” 
• Politico’s EU Influence newsletter mentioned Asha Allen’s appointment as Director and Secretary General of CDT Europe.