Privacy, the EU Guarantor multiplies "corrective" interventions: cloud and artificial intelligence in the crosshairs

Data protection in applications based on new generation technologies is particularly monitored by Edps. Focus on data transfer to the US and on the use of datasets and biometrics by law enforcement agencies 20 Apr 2022 Patrizia Licata Journalist

The EU Privacy Guarantor (EDPS) has increased the use of its "corrective powers'' during 2021. Under the lens, as evidenced by the Annual Report 2021, the monitoring of compliance with the GDPR but also with the Schrmes II ruling on the transatlantic transfer of data. Among the most relevant activities are the ordinance against Europol for the deletion of data relating to persons who have no established connection with a criminal activity, the request to ban the AI for facial recognition in areas with access public, verifications on the transfer of personal data of European institutional users of Amazon and Microsoft cloud services and the survey on the impact of Covid-19 on privacy. This year was also unprecedented in terms of EDPS advice provided to the EU legislator: the Guarantor totaled 88 opinions in 2021, including formal comments, compared to 27 in 2020. Edps also continued to actively participate in the work of the European Data Protection Committee (EDPB), proposing or participating in a series of initiatives. European Supervisor Wojciech Wiewiórowski commented on the report as follows: "A couple of years have passed since the entry into force of a series of EU data protection laws. Enough time has passed to expect EU institutions to fully comply with these laws. Edps wants strong European institutions. This strength can, however, only be based on full compliance with applicable laws. No other foundation can bring long-term results ". These are some of the salient information of the report. Index of topics • International transfer of personal data • Covid-19 and data protection, continuous monitoring • Freedom, security and justice: the case of Europol • The digital future of the EU and the artificial intelligence act • The TechSonar: the 6 trends of 2022 for privacy International transfer of personal data Following the Schrems II judgment of the Court of Justice of the European Union, the European Supervisor has pursued and launched various activities and initiatives in the framework of the Edps strategy to ensure that EU institutions, bodies and bodies (Eui) comply with the judgment published on 29 October 2020.

The EDPS strategy in this area aims to ensure and monitor the compliance of the EU with the ruling on transfers of personal data outside the EU and the European Economic Area, in particular in the United States. In this regard, in May 2021, Edps launched two investigations: one on the use of cloud services provided by Amazon web services and Microsoft as part of the Cloud II contracts by the Eui, and one on the use of Microsoft Office 365 by the European Commission. Covid-19 and data protection, continuous monitoring Throughout 2021, Edps continued to monitor the Covid-19 pandemic and its impact on data protection through its dedicated task force, initially established in 2020. As the EU's data protection authority and as an employer, the Guarantor has produced guidelines and other initiatives to support the Eui in their data processing activities during this period. In particular, the Edps conducted a survey asking all the EUIs how they changed or developed new data processing processes as a response to the pandemic (for example, the communication of positivity to Covid or joining the vaccination campaign) and smart working . The results of the survey have already been shared with the data protection officers of the Eui and will soon be made public; they will contribute to updating the Edps guidelines or creating new standards. Freedom, security and justice: the case of Europol Some of the most important interventions in the area of freedom, security and justice include the supervision activities on the processing of personal data by Europol, the EU agency for cooperation between law enforcement agencies. In 2021, Edps increased the use of its corrective powers. Among the executive actions taken this year, particular importance is attached to the decision to order Europol to delete data sets without established links to criminal activities, which Edps sees in the context of respect for the rule of law. Edps also supervised Europol on the use of machine learning tools (continuing an activity that started in 2019). The Supervisor suggested that Europol set up a go-to framework for internal governance to ensure that, in the course of developing automated learning models, Europol identifies the risks to fundamental rights and freedoms posed by the use of these innovative technologies. The digital future of the EU and the artificial intelligence act The Edps has also published opinions on the new European laws Digital markets act and Digital services act. For the Digital Services Act, he underlined the opportunity for further measures to protect individuals online, in particular in the areas of content moderation, targeted advertising and recommendation systems used by digital platforms such as social media and e-commerce marketplaces. . The Edps also published an opinion on the European Commission's proposal for an Artificial Intelligence Act calling for the ban on AI for the automatic recognition of human features in public spaces. The TechSonar: the 6 trends of 2022 for privacy In 2021, Edps created a new annual report, the TechSonar, with the specific goal of anticipating emerging technological trends and better understanding their future developments, in particular the potential implications for data protection and people's privacy. The Edps firmly believes that, instead of reacting to new emerging technologies when the risks to society have already developed, we should be able to anticipate their developments. This would allow us to ensure that these technologies are developed, from the earliest stages of their conception, according to the fundamental rights of people. The first 2021 TechSonar report focused on six technological trends that will impact privacy in the immediate future: anti-Covid vaccination certificates (green passes); the data generated synthetically; digital currencies issued by central banks; the technologies for “Just walk out” shopping, that is the fully digitized shop without a cash desk; continuous biometric authentication, and digital treatments (digital therapeutics).

COMMENT: We have always been on the side of privacy protection and consider human and technological spies to be very abominable. As for the digital currencies of central banks, CBDCs, our solution based on a very strong cryptography does not contain absolutely any personal or biometric data of the currency holder, except the IP address from which it operates. The cipher and the inviolable encrypted data appear on his multi-currency bank account. The same applies to wallets of companies or traders.