The Protection of Journalists through the Proposed European Media Freedom Act

Blogpost 33/2023

In 2021, while addressing the European Parliament during her State of the Union address, the Commission President, Ursula von der Leyen, referred to the dangers faced by journalists, concluding that “[i]nformation is a public good. We must protect those who create transparency, the journalists.” At that point, almost four years had passed since the murder of the Maltese investigative journalist Daphne Caruana Galizia, and the European Union had yet to take any measures to address this issue. It would be for another year before the Commission would publish its proposal for a regulation establishing a common framework for media services in the internal market (European Media Freedom Act).Continue reading

The EU AI Act at a crossroads: generative AI as a challenge for regulation

Blogpost 32/2023

Advances in artificial intelligence (AI) have once again surprised people. New approaches to training very large context-aware systems have enabled generative AI systems (GAI), especially large language models (LLMs), which can produce content that is, in many cases, indistinguishable from the products of the human mind. ChatGPT, an LLM, has proven to be one of the fastest-growing consumer applications, and such popularity raises the question of how to govern and regulate AI even more pressing. Discussions in the AI community have been at a fever pitch. Two letters with humongous support from the AI community tried to stir debates. One from the Institute for the Future of Life called for a 6-month moratorium on experiments to figure out how to deal with systems adequately. Another letter stressed the risk of extinction to get policymakers to act. These debates on GAI and large AI systems have landed them in the middle of deliberations over a proposed AI Act. While there is a great deal of overlap between the European Commission’s (Commission) original draft, the position of the Council of the European Union (Council), and the European Parliament’s (Parliament) position, they diverge on how to deal with the models that are under discussion. Continue reading

From C-73/14 to ITLOS Case No. 31: Examining the EU’s representation before International Courts and Tribunals, in light of the Principle of Sincere Cooperation under EU External Relations Law

Blogpost 31/2023

On 26 June 2023, the International Tribunal for the Law of the Sea (ITLOS) announced that it had received written statements from 31 States Parties and eight intergovernmental organisations with regard to Case No. 31 (Request for an Advisory Opinion submitted by the Commission of Small Island States on Climate Change and International Law). As expected, this included European Union (EU) member states’ submissions. More precisely, from Poland, Germany, Italy, Latvia, France, Portugal and the Netherlands.

However, perhaps somewhat surprisingly, the European Commission (EC) also submitted a written statement on behalf of the EU to ITLOS, adding an intriguing dimension to the proceedings. After all, the decision by the EC to submit a written statement revives the discussion on the EU’s representation before International Courts and Tribunals. For that reason, this blogpost aims to assess possible salient aspects regarding the statement submitted by the Commission on behalf of the EU. Does it contradict the views of the Member States that submitted their observations? What implications arise from the fact that the Member States themselves have submitted observations in this case? How does this align with the principle of sincere cooperation under EU external relations law, particularly considering the C‑246/07, European Commission v Kingdom of Sweden PFOS judgment?Continue reading

The European Court of Justice in Meta Platforms leaves competition and data protection authorities with an assignment

Blogpost 30/2023

Competition authorities can identify a violation of the data protection rules when such a finding is necessary to establish an abuse of dominance under the competition rules. This is the main outcome of the judgment that the Court delivered in Meta Platforms on 4 July 2023. The judgment is the next step in the saga that started with the 2019 competition decision of the Bundeskartellamt (the German Federal Cartel Office) requiring Facebook (now Meta) to refrain from combining user data from different sources beyond its social network. The judgment provides a welcome confirmation that data protection standards can also matter for the interpretation of the competition rules. However, what is more remarkable and less expected is the general framework the Court sets out for coordination between competition and data protection authorities building on the duty of sincere cooperation and the clarity with which it evaluates the different legal bases Meta invoked for processing user data. The judgment can become a reference point for assessing the legality of personal data processing by dominant firms, but also leaves competition and data protection authorities with an assignment to explore how to coordinate their work in the future. Continue reading

The paradoxical existence of overriding public interests in the EU: ClientEarth v the European Commission

Blogpost 29/2023

On 1 February 2023 the General Court delivered its judgment in T-354/21 ClientEarth v Commission. The case concerned the Commission’s refusal to allow access to several audit documents on fisheries control systems in Denmark and France. Its refusal was based on a general presumption of non-disclosure for documents related to infringement proceedings that are in preparation or ongoing. ClientEarth unsuccessfully argued that an overriding public interest nonetheless justified their disclosure, and asked for an annulment of the Commission’s decision. The General Court found in favour of the Commission and dismissed the case, yet again illustrating the deficiencies in the EU’s access to documents regime laid down in the Transparency Regulation, and leaving ClientEarth to appeal the case to the Court of Justice.

Continue reading

Oceans Apart: The EU and US Cybersecurity Certification Standards for Cloud Services

Blogpost 28/2023

The leaked May 2023 draft of the EU’s Proposed Cybersecurity Certification Scheme for Cloud Services (EUCS) has caused a stir due to its continued inclusion of strong digital sovereignty requirements. The stated goal of the EUCS is to enable cloud service providers (CSPs) to “demonstrate their trustworthiness and the effectiveness of their cybersecurity defenses” to European governments and businesses.  EUCS, however, threatens to impose data localization requirements on any CSP aiming to qualify for a high level of cybersecurity certification within the European Union.  It also effectively would exclude CSPs headquartered outside the EU from seeking “the highest level of … certification” on the grounds that such CSPs would not be immune from foreign law. The immunity requirement demands that such CSPs “are operated only by companies based in the EU” with their “registered head office and global headquarters … in a Member State.”

A working group of the European Agency for Cybersecurity (ENISA), the body charged with drafting EUCS, discussed the latest (now-leaked) EUCS proposal on 26 May 2023.   The European Commission strongly defended the proposal, but according to observers several EU member states, led by the Netherlands, resisted the sovereignty requirements, and asked for an impact assessment.  France reportedly preferred the previous proposal, while Germany, a pivotal player, maintained an ambiguous silence.  As a next step, member states will submit written comments by the end of June 2023, including on the important question of the costs of compliance with the requirements envisaged for high level cybersecurity certification.

Continue reading

Taking democracy seriously: The Commission’s Infringement Action against Poland for violating EU law with the new law in Poland on the State Committee for the Examination of Russian influence

Blogpost 27/2023

Over the past years, backsliding EU member states have caused increasing concerns. For almost a decade, EU institutions have concentrated most of their efforts on defending the rule of law against attacks from member states. On 8th June, however, the European Commission seems to have broadened the scope of value enforcement. In a Press Release, the Commission has announced its most recent infringement action against Poland. This time the focus is not on reforms which undermine the independence of the judiciary and thereby violate an essential component of the rule of law. This time, the principle of democracy is the central element of the Commission’s concern. Considering that this is the very first time that a violation of the principle of democracy is invoked against member states, and given that EU law, to date, does not provide a clear answer as to what democratic standards member states are obliged to respect under Article 2 TEU, this is a ground-breaking development.Continue reading

The AI Act and European Health Data Space Proposal: Seeing ‘AI to AI’ With Each Other?

Blogpost 26/2023

Over the past few months, general-purpose artificial intelligence (AI) has emerged as a hot topic for policymakers. The ‘AI hype’ that followed the seemingly immediate success of the conversational bot ChatGPT has led to renewed calls for regulation in the EU, placing Large Language Models (LLMs) in the spotlight. Such models, which can be described as a subset of general-purpose AI that can process and generate human-like text, are increasingly being integrated into various industries. Healthcare is no exception, with potential applications ranging from clinical and operational decision-making to patient engagement. AI enthusiasts hope that LLMs will enable better communication between patients, physicians and healthcare workers, improve healthcare delivery or contribute to the advent of personal therapy bots. It remains to be seen which of these promises are feasible and realistic, but their capabilities have been and are continuing to grow exponentially, enabling them to reliably perform routine tasks for care providers like collecting information or navigating health record systems (an area of particular interest). Recent peer-reviewed studies have shown that virtual assistants and other AI-based tools can already perform many healthcare tasks better than specialist physicians, leaving experts wondering about the future of the human element in the patient experience.

Continue reading

X