Welcome to the European Centre for Democracy and Technology’s Technology Policy Brief. In this spring edition, we take a look at the spring’s most pressing technology and internet policy issues being debated in Europe, the US and internationally, and provide CDT’s perspective on the implications for digital rights. To sign up for the CDT Europe AI newsletter, please visit our website.
Please feel free to contact our team in Brussels: Asha Allen, Silvia Lorenzo Perez, Laura Lazaro Cabrera, Aimée Duprat-Macabies, David Klotsonis and Jonathan Schmidt.
Upcoming Events: What’s Next for Anti-Spyware in the EU
Graphic of high level event spyware at EU events.
On May 15, CDT Europe will host an online high-level event to discuss the aftermath of the Pegasus spyware scandal and its global impact. In 2021, the Pegasus scandal shocked the world and highlighted the dangers of government surveillance enabled by modern technology. Despite multiple calls for action, meaningful progress at EU level remains elusive, urging civil society to take the lead and advocate for a human rights-protecting approach.
With the EU elections approaching, our expert panel of representatives from key EU and global institutions will take an in-depth look at the urgent need for regulatory action against the misuse of spyware technology in the upcoming legislative period. For more information and to RSVP, please visit the CDT website.
AI laws fail to meet human rights standards
On March 13, the European Parliament approved an AI law with the ambitious goal of setting a global standard for strong human rights protections, but the final result is disappointingly lacking. Initially promising parts of the law, such as the requirement to conduct fundamental rights impact assessments and bans on certain types and uses of AI systems, are too watered down or limited in scope.
While the law takes a landmark step by imposing various obligations on high-risk AI providers, loopholes allow providers to self-assess their AI systems to remove them from the high-risk category, ultimately allowing them to avoid liability.
To provide you with a comprehensive understanding of this groundbreaking regulation, we have compiled a few commentaries. The first provides a detailed overview of EU AI law, while the second delves into the law’s privacy and surveillance issues. Stay tuned for our next commentary!
Civil Society Coordination Group on Digital Services Act Meets to Develop Recommendations
On April 17, CDT Europe and the Open Government Partnership hosted the fifth event of their Civil Society Roundtable series in Brussels. Supported by the Belgian Presidency of the Council of the European Union, the event brought together over 90 participants from a diverse coalition of EU Member States, representatives of institutions and national regulators, civil society organizations, academics and technologists to discuss the implementation of the Digital Services Act.
A photo of the DSA Civil Society Coordination Group holding a poster with the organization’s logo.
In technical workshops covering different areas of DSA, CDT Europe’s partners from the DSA Civil Society Coordination Group led participants in developing recommendations on how stakeholders can work together more formally.
Several key insights emerged: For civil society to play a role in implementing and enforcing the DSA, it must be able to participate equitably in the process. This requires clearer, formal mechanisms for consultation and collaboration between institutional actors and civil society organizations to ensure effective resource allocation. There also needs to be clearer clarification of how institutional actors will collaborate on implementing the DSA, as well as the overall timeline for when that enforcement will occur.
As the DSA sets regulatory trends globally, other jurisdictions will increasingly take lessons from the EU on how to design and implement platform governance rules. In that sense, a human rights-first approach, including strong and meaningful collaboration with civil society, is essential.
Examining the impact of digital regulations on human rights and freedom of expression
On March 19, CDT Europe and Future for Free Speech held a symposium on the broader impact of laws such as the AI Act and the Digital Services Act (DSA) on human rights.
A photo of four speakers, including Laura Lazero Cabrera (far left) of CDT Europe, at a panel discussion on the human rights impact of AI law.
Laura Lazaro Cabrera, General Counsel and Program Director for Fairness and Data at CDT Europe, moderated a panel that focused on the path to adopting the AI Law. Participants discussed the main demands made by civil society throughout the negotiations, including strengthening the prohibition of AI systems that pose unacceptable risks and comprehensive identification of high-risk deployments of AI systems. Discussants also considered how the final text of the Law was generally received by the broad range of actors involved in the negotiation process.
The panelists emphasized that the law, which requires AI systems to undergo fundamental rights impact assessments and bans certain AI systems, is a positive step towards protecting human rights. They also discussed the shortcomings of the law, such as loopholes that allow providers to self-assess the risk category of their AI systems and exceptions to the ban on AI systems.
Another session focused on what the DSA means for freedom of expression. Asha Allen, Acting Director and Online Expression Program Director at the CDT European Office, reflected on what the regulation has done well and where challenges remain. Panelists explored how key provisions are being implemented and what stakeholders need to ensure the regulation of the DSA is successful. Participants also discussed how to monitor effective, human rights-centered enforcement of the DSA, and how to prevent a race to the bottom, both in terms of industry compliance and enforcement overreach by regulators. You can watch the full event on the Future for Free Speech website.
How can civil society most effectively shape general purpose AI regulation?
General purpose AI was central to a civil society workshop co-hosted by the Ada Lovelace Institute and SaferAI on April 24. The workshop focused on how AI law regulates general purpose AI models and the upcoming process that the AI Office will lead to develop industry standards (codes of conduct) for these models. Asha Allen from CDT Europe highlighted lessons learned from civil society engagement in the process of ensuring that DSAs comply with the EU Code of Conduct.
Participants expressed concern about the drafting process for the Code, which is constrained to a tight nine-month timeline with limited civil society engagement, which could lead to disproportionate private sector influence and significant risks being overlooked. Civil society therefore needs to ensure there are ways for it to provide meaningful and influential input, including by developing a “shadow” version of the Code that addresses risk concerns more comprehensively.
Why Spyware Technology Should Be Regulated
The recent discovery that around 600 people were targeted with Pegasus spyware under Poland’s former government has given new importance to the issue of spyware surveillance. Silvia Lorenzo Perez, Program Director for Security, Surveillance and Human Rights at CDT Europe, spoke about these trends and how spyware technology can be regulated at the European Cyber Agora, hosted by the German Marshall Fund of the United States.
Five panelists, including Silvia Lorenzo Perez of CDT Europe, pictured at the panel “Cyber mercenaries: searching for policy solutions” at the European Cyber Agora.
Silvia stressed that precise definitions within legal frameworks that adapt to the evolving situation and protect human rights in the digital sphere are crucial. Narrowly defining the concept of cyber mercenaries and implicating only individual actors, developers and vendors allows states to avoid accountability for their actions. The Pegasus scandal has exposed the fact that governments are abusing cyber tools and spyware against their citizens at home and abroad. Silvia argued that these states must be held accountable.
The Pall Mall Process is a laudable step in combating the spread of spyware, but an opportunity to address serious human rights issues should not be missed. Meaningful civil society involvement in this process is key. NGOs need to be at the table to amplify the voices of those affected by spyware. CDT Europe is closely monitoring developments in this area and working to ensure that fundamental rights are given top priority in regulatory activity.
CDT Europe team continues to grow
A graphic showing the photos, names and job titles of new CDT Europe staff members David Klotsonis (Policy and Research Officer), Jonathan Schmidt (AI Policy Fellow) and Aimée Duprat-Macabies (Advocacy and Communications Officer).
We are pleased to warmly welcome our new team members, Aimée Duprat-Macabies and Jonathan Schmidt. Aimée joins as Advocacy and Communications Officer, bringing her expertise and passion for effective communication to our mission. Jonathan joins as an AI Fellow. His expertise in artificial intelligence will undoubtedly enrich our research initiatives and deepen our understanding of this rapidly evolving field.
“I would also like to congratulate David Krotsonis on his promotion to Policy and Research Officer. David’s dedication and insightful contributions have been invaluable to our organization, and I am pleased that he will continue to excel in this new role.”
🗞️ Press Corner
Other publications and activities of CDT Europe