×

EU Policy Update - April 2024

EU Policy Updates 07-05-2024

In a nutshell: The EU telecom and consumer protection ministers met under the auspices of the Belgian Presidency. The ECON committee voted on the FiDA proposal. The European Parliament voted to change the procedural rules under GDPR and published a study on the resilience of EU elections. The EDPB set out its priorities for 2024-2027 and shared a Data Privacy Framework note. ENISA together with European Commission’s Joint Research Centre published an analysis on the Cyber Resilience Act requirements and standards. The European Commission published a call for evidence for evaluating the Terrorist Content Online Regulation. The European Political parties signed a pledge on EU elections transparency. The Czech Republic published its digital priorities for the years 2024-2029. The UN has published the zero draft of the Global Digital Compact.

The Belgian Presidency held a series of informal meetings of EU27 ministers on infrastructure security and consumer protection 

On 11-12 April, the EU 27 Telecommunications ministers met in Louvain-la-Neuve for an Informal Telecom Council. During the meeting, the Telecom ministers focused on Europe's digital revolution and agreed to improve cybersecurity and infrastructure security. According to the Belgian Presidencys press release, the European Telecom ministers want Europe to take control of its digital connection infrastructure, as it enables European citizens to be more resilient in the face of possible cyberattacks and technical incidents affecting critical communications infrastructure. According to the press release, the ministers recognised that critical infrastructure must remain primarily in European hands. On 19 April in Brussels, the European Consumer Protection Ministers exchanged views on key challenges of consumer protection within the Single Market and the digital transition. According to the press release, the Belgian Presidency noted that Consumer Protection Cooperation (CPC) Regulation has created a basis for robust cross-border enforcement, but its functioning assessment has highlighted the need for a revision to address existing shortcomings.

Data protection

ECON adopted amendments on the Framework for Financial Data Access 

On 18 April, the Committee on Economic and Monetary Affairs (ECON) of the European Parliament voted on its position on the Framework for Financial Data Access (FiDA) proposal. The proposal aims to facilitate the access to and reuse of consumer data across the financial sector (see our previous coverage here). The FiDA proposal includes an enforcement measure that could lead to a domain name deletion for non-compliant financial service providers. The ECON Committee has adopted an amendment filed by the Rapporteur which aligns the language of the article on domain name deletion with the already existing measure under the CPC Regulation. Unless the new Parliament, as chosen in the upcoming elections, decides to reopen the file at the committee level, the next step is the Parliament plenary vote in the next legislative term. Afterwards, the Parliament’s version of the proposal shall be the basis for the interinstitutional negotiations with the Council of the EU, which aims to finalise its own negotiation position by the end of the Belgian presidency in June 2024.

The European Parliament adopted its position on the GDPR procedural rules update 

On 10 April, the European Parliament adopted its position on the update of procedural rules of the General Data Protection Regulation (GDPR) during a plenary session. The European Commission published the proposal in July 2023 to improve the GDPR enforcement (see our previous coverage here). The Parliament’s version changes the procedural standards, facilitates filing of cross-border complaints as well as their handling. The supervisory authorities now have an obligation to respond with a preliminary conclusion within three weeks after receiving a complaint. Cooperation among supervisory authorities should also be streamlined, as the access to the documents shall be shared among the concerned supervisory authorities. This position of the European Parliament will be used in the interinstitutional negotiations with the Council of the EU, which is still working on its own position. 

The European Data Protection Board set its priorities for 2024-2027 and shared a Data Privacy Framework note 

On 18 April, the European Data Protection Board (EDPB), presented its priorities for the upcoming years 2024-2027 across four pillars. In the context of the first pillar on “Enhancing harmonisation and promoting compliance”, the EDPB wants to continue providing guidance on the application of GDPR, including by supporting certification and GDPR Codes of Conduct. Regarding the second pillar on “Reinforcing a common enforcement culture and effective cooperation”, the EDPB wants to pursue the commitments made in the Vienna Declaration. Namely, the EDPB “will continue to foster the identification of strategic cases for which cooperation will be prioritised and to provide methodologies and tools promoting a harmonised approach to investigation and enforcement”. The EDPB also reiterates its commitment to the smooth functioning of the “One Stop Shop” principle. In the third pillar on “Safeguarding data protection in the developing digital and cross-regulatory landscape”, the EDPB wants to promote consistency in the context of implementing the Artificial Intelligence Regulation, the European Data Strategy and the Digital Services Package. Finally, in the last pillar the EDPB wants to promote “a global dialogue on privacy and data protection,” and promote high data protection standards internationally. The EDPB also published an information note on the EU-US Data Privacy Framework. The EDPB clarifies the implications on “data subjects in the EU and for entities transferring personal data from the EU to the US” under the EU-US adequacy decision applicable from 10 July 2023.

Cybersecurity 

ENISA and the Joint Research Centre published a joint analysis on Cyber Resilience Act requirements and standards 

On 4 April, ENISA and European Commission's Joint Research Centre published a joint analysis mapping Cyber Resilience Act (CRA) requirements with existing security standards to facilitate compliance of digital products manufacturers with the legislative framework. The standardisation efforts of the following organisations have been taken into consideration when drafting the report: CEN/CENELEC, ETSI, ISO, IEC, ITU. The report mapped existing standards issued by the aforementioned standard-setting organisations and legislative requirements under the CRA. In addition, the report also highlighted the existing gaps where more standardisation efforts are needed. For example, the report recognised that the hardware design part is less covered compared to software. In addition, there is a lack of a single standard that comprehensively addresses all aspects of vulnerability management, including patch management and handling updates from CERTs. The report concludes that the analysis offers reassurance that a good international cybersecurity standardisation base exists, but harmonisation is needed to ensure a homogenous horizontal coverage”.

Content moderation 

The European Commission published a call for evidence for TERREG evaluation 

On 11 April, the European Commission opened a call for evidence in support of its periodic evaluation of the Terrorist Content Online Regulation (TERREG). The Regulation seeks to curb the spread of terrorist content online, including content aimed at radicalising and recruiting new followers. The evaluation will feed into reporting on implementation of the Regulation, including its impact on fundamental rights and its contribution to public security. TERREG entered into force in 2022 (see our previous reporting here), and primarily targets hosting service providers which are required to remove terrorist content within one hour upon receipt of a removal order. Under Article 23 of the TERREG, the Commission shall carry out by June 2024 an evaluation of the effectiveness of TERREG application, and submit a report to the European Parliament and to the Council on its application. Possibility to provide public feedback on TERREG application is open until 9 May.

EU elections

The European Parliament published a study on the resilience of EU elections 

On 8 April, the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs published a study on “Resilience of Democracy and European Elections against New Challenges” at the request of the Civil Liberties, Justice and Home Affairs (LIBE) Committee. The study identifies challenges to the EU’s democratic resilience and electoral processes, and maps political and legislative responses to counter them, in the run-up to the 2024 European Parliament elections. It also provides specific policy recommendations to further enhance the protection of democracy in the EU. Amongst many challenges to democratic processes, the study highlights disinformation campaigns, funding of political parties and interest representation groups, cyberattacks and other forms of hybrid warfare from third countries. Amongst further policy recommendations to tackle challenges to democracy and elections, the study recommends to 1) plan ahead and propose key measures to protect democracy and elections at the start of a new legislative term, giving sufficient time to stakeholders to provide their contributions; 2) attribute a specific portfolio on ‘democracy’ to one of European Commission’s Vice-Presidents; 3) subject MEPs to supervision by the political groups in the EP and act swiftly if any MEP has committed any criminal or unethical deed; 4) increase bilateral and multilateral cooperation with likeminded states within TTC and G7.  

European political parties signed an electoral pledge on EU elections transparency 

On 9 April, the International Institute for Democracy and Electoral Assistance, together with European political parties and the European Commission, published a voluntary code of conduct on the 2024 European elections, signed by all major European political parties. The electoral pledge identifies disinformation as a threat to free and fair elections. In order to safeguard them, the pledge contains a number of commitments for both online and offline activities as well as for paid and unpaid communications. Among them is the commitment to transparent financing of electoral campaigns, refraining from using discriminatory language and hate speech during campaigning, abstaining from using artificial intelligence for creating deceptive content. The commitments also include the transparency of political advertising by refraining from publicising political ads sponsored by undeclared interests, to adhere to online platforms transparency policies, and to “refrain from using manipulative tactics, techniques, and procedures to amplify political messages and from using sensitive data for microtargeting.” Finally, the pledge calls on political parties to “proactively avoid amplification of narratives lead by entities and actors from outside the EU […], especially when those seek to erode European values and principles”. 

The Czech Republic published its digital priorities for the years 2024-2029 

The Czech government has published a document outlining the priorities for the upcoming years 2024-2029. The Czech Republic wants to be an active player supporting “safe, reliable and sustainable digital transformation” which should be anchored in “human rights and democratic values, including by defending free and open internet”. As the 2019-2024 Commission mandate was active on legislation, the following mandate should be focused on uniform implementation to finish the Digital Single Market, the paper notes. Among the priorities is also the support for a “safe and resilient cyber space and digital infrastructure” in which the Czech government suggests increased focus on securing the ICT supply chain. Furthermore, to reach functional cross-border solutions the document suggests using open source and the “sharing and reuse of interoperable solutions” for implementation of projects like the EU Digital Wallet. The sharing of know-how among Member States and the EU institutions is also underlined. 

Internet governance

United Nations published the draft of the Global Digital Compact  

On 1 April, the United Nations published the zero draft of the Global Digital Compact (GDC). The document is following the 2021 “Our Common Agenda” report by the UN Secretary-General António Guterres. The draft aims to reach “an inclusive, open and secure digital future for all.” You may read CENTR’s initial feedback here. The document puts forth 5 objectives containing a series of thematic clusters and related commitments to be reached by 2030. With regards to the digital public goods and infrastructure, the draft notes that “safe, inclusive and interoperable digital public infrastructure has the potential to deliver services at scale and increase social and economic opportunities for all”. To that end, the document commits the parties to “develop, disseminate and maintain” open standards created through multistakeholder cooperation. The Internet Governance cluster identifies internet as a “critical global resource for inclusive and equitable digital transformation”, which in order to remain as such must be “stable and unfragmented”. The draft highlights the Internet Governance Forum (IGF) as a key multistakeholder platform for internet governance, that should be supported and whose participation should be further diversified. The future of the IGF’s mandate will be determined in 2025 during the World Summit on the Information Society (WSIS+20), taking place 20 years after the 2005 WSIS Tunis conference which resulted in the creation of the IGF. The WSIS review is therefore expected to support the practical implementation of the Compact. The zero draft will be treated as a starting point in a discussion on the final version of the text, which is to be adopted during the Summit of the Future in September 2024. Afterwards, the GDC will then be reviewed every two years, with the first review taking place in 2025 during the 80 UN General Assembly meeting.

Published By Polina Malaja
Polina Malaja is the Policy Director at CENTR, leading its policy work and liaising with governments, institutions and other organisations in the internet ecosystem.
Published By Filip Lukáš
Filip is the Policy Advisor at CENTR, advising members on relevant EU policy and liaising with governments, institutions and other organisations in the internet ecosystem.