Here’s something that you probably already know: The groundwork for digitalization’s legal path and an increasingly data-driven economy in Europe is being laid primarily in Brussels. This is particularly evident this year, with the European Commission having taken up a series of projects that will decisively shape Europe’s digital and data legal framework over the next decade. Only a few days ago, the Commission presented measures for the successful digital transformation of Europe with its communication on a 2030 Digital Compass: the European way for the Digital Decade. According to this, by 2030, three out of four companies will be using cloud computing services, “big data”, and artificial intelligence, and the number of start-up “unicorns” will have doubled.
In view of the complexity of the regulatory fields and the concurrent interdependencies of many initiatives – such as the GDPR and the future regulatory framework on artificial intelligence – the Commission, the EU Parliament, and the Member States are faced with an immense challenge. All the more so, given that what is at stake is nothing short of the innovation and competitiveness of the European economy, which has a lot of catching up to do with the US and Asian markets, especially in the digital sector. A modern, technology-neutral legal framework that wisely balances innovation and business promotion on the one hand, and the protection of consumer rights and European values on the other, will therefore have a vital influence on the mammoth task of digitalizing the European economy.
With the Digital Markets Act and the Digital Services Act, two current horizontal regulatory projects stand out in this endeavor. These have already been launched and will bring about fundamental legal changes, especially for digital platforms. If we take a closer look, however, we can expect a whole host of further projects and directional decisions to emerge from Brussels this year.
At least between the Member States, the Gordian knot of the ePrivacy Regulation was finally cut after they were able to agree on a unified position under the Portuguese Council Presidency. Now we can look forward to the further negotiations in the trialogue with the European Parliament and the European Commission.
In the next few weeks, the Commission is also expected to have approved the new versions of the standard contractual clauses eagerly awaited by the industry, with which the transfer of data to third countries will hopefully once again enjoy legal certainty. It is also possible that progress will be made by then in the negotiations with the new U.S. administration on a new version of the Privacy Shield, which was quashed by the European Court of Justice three quarters of a year ago and has since left a vacuum for transatlantic data exchange.
For thousands of companies, the legally secure exchange of personal data between companies on both sides of the Atlantic plays just as important a role in an increasingly digitalized economy as does the creation of an EU single market for non-personal data. In this respect, too, things have been advancing in Brussels since the Commission adopted its European Data Strategy. Already at the end of last year, a first version of an act was the Proposal for a Regulation on European data governance (Data Governance Act), with this aiming to create a new type of data governance in Europe so that data can be exchanged more easily between different sectors and Member States. The newly created concept of “data altruism” has already generated harsh criticism from some quarters and will be the subject of further deliberations in Brussels.
Closely aligned to this is the consideration of a revision of the eIDAS Regulation from 2014, which is also on the EU Commission’s roadmap for this year, and which is intended to create a new European digital identity to facilitate the use of online services across Europe, so that EU citizens can better control the sharing and use of their data.
Finally, the Commission will present a horizontal regulation of the legal framework for artificial intelligence this year to protect the fundamental values and rights of the EU as well as the safety of users when using AI systems. All of this will also be backed financially by the European recovery program NextGenerationEU, from whose pot alone €150 billion is to be made available for investments in the digital sector by 2027.
There is no shortage of ideas, proposals, and implementation measures in Brussels for a future-proof legal framework for digitalization and the data economy in Europe. You might almost think that there seems to be more law and regulation on the way than the innovations and technologies that they intend to contain. In fact, you might not be so wrong: Despite the “Covid boost” with respect to digitalization, there are currently considerable legal uncertainties in many companies when it comes to the use of digital technologies, which could well serve as a brake on innovation.
Who might invest in AI technologies today if it turns out tomorrow that the solution cannot be used without potentially requisite certifications? Who has the heart to engage in data aggregation or data sharing with other industry participants and AI-based data analysis if the legal situation for generating training data is uncertain or regulatory questions remain unanswered?
Fortunately, there are numerous companies and projects that are not deterred by this, and in many cases, it is precisely the lack of regulation that creates leeway when it comes to actions which are legally permissible. In the long term, however, there is a need for a reliable and innovation-friendly legal framework as well as intelligent groundwork, with which the European Commission must pave the way for a digital Europe. In this respect, we are looking forward to an exciting year, not only in Brussels, but throughout Europe.
eco position paper on the Digital Services Act (March 2021)
Oliver Süme is Chair of the Board of the eco Association, a certified IT lawyer, and a partner at the international law firm Fieldfisher. He is an IT and technology law specialist with more than two decades of experience in the field. Oliver advises national and international clients from various sectors on their path to digitalization. Data protection, IT security and IT contracts are among his key areas, as well as the legal impact of new technologies such as AI and blockchain.