Welcome back to the Centre for Democracy & Technology Europe’s (CDT Europe) Tech Policy Update. This edition dives into the latest debates on technology and internet policy across Europe, the U.S., and globally, offering CDT’s insights on the impact on digital rights. For more updates, sign up for CDT Europe’s AI newsletter on our website. Feel free to contact our team in Brussels: Asha Allen, Silvia Lorenzo Perez, Laura Lazaro Cabrera, Aimée Duprat-Macabies, David Klotsonis, and Jonathan Schmidt.
Security, Surveillance & Human Rights
Reflecting on the Pegasus Scandal
On May 15, CDT Europe hosted a high-level panel discussing the Pegasus spyware scandal, its revelations about government surveillance dangers, and the future of combating spyware in the EU. Despite the European Parliament’s adoption of the PEGA Committee’s report in 2023, significant EU-level action against civilian-targeted spyware is still lacking. In October 2023, the Council of Europe’s Parliamentary Assembly urged the EU to set standards and monitor data protection and surveillance practices.
Key Points:
- International Initiatives: Global efforts like the Pall Mall Process and U.S. initiatives highlight the need for regulatory measures to protect human rights.
- Expert Panel: The event featured Sophie in ‘t Veld (MEP), David Kaye (UC Irvine), Anna Buchta (European Data Protection Supervisor), and Iverna McGowan (UN Human Rights Office), moderated by CDT Europe Deputy Director Asha Allen.
- Discussion Highlights: The panel emphasized the EU’s insufficient action on spyware, its incompatibility with human rights, and the need for democratic debate on its civilian use.
Civil Society Roundtable: Following the panel, a roundtable moderated by Silvia Lorenzo Perez allowed European partners to discuss regulatory pathways, keeping the issue of spyware prominent on the EU’s agenda.
Recommended Read: Silvia Lorenzo Perez’s op-ed on Euractiv, “Governments spying on citizens: Who is to blame, what can the EU do?”
Online Expression & Civic Space
Addressing Online Gender-Based Violence (GBV)
In early May, the Council of the EU adopted the Directive on violence against women and domestic violence, a significant step before the law comes into force for all EU member states by 2027. This law, alongside the EU Digital Services Act, sets a new precedent in tackling online GBV.
Key Events:
- CPDP Conference: Asha Allen spoke on “The Deepfake Dilemma” panel, focusing on deepfakes and online GBV, particularly its impact on black women and minoritized groups. The panel was groundbreaking, featuring only black women technologists and policy experts.
- Glitch UK Panel: The panel discussed the rise of online GBV and critiqued EU regulatory frameworks addressing non-consensual intimate images.
- Joint Event with the Brussels Binder and UK Mission: Asha Allen explored whether the new Directive will change the digital ecosystem and improve protections against online GBV.
Important Insights: Asha highlighted the need for intersectional feminist approaches in AI and tech policy to ensure effective remedies for all communities.
Recommended Read: David Klotsonis shared insights from the Fifth DSA Civil Society Roundtable Series event.
Equity and Data
The AI Act: A New Chapter
The AI Act received its final approval on May 21, and the European Commission announced the setup of the AI Office to oversee the Act.
Key Highlights:
- Impact on Freedom of Expression: Laura Lazaro Cabrera explained how the AI Act aims to curtail threats to freedom of opinion by banning AI-fueled manipulation, but the bar for applying these bans is high.
- Disclosure Obligations: The Act requires actors using AI to create synthetic content to disclose it, though less robustly than other legislation like the Political Ads Regulation.
- Law Enforcement Exceptions: The Act allows exceptions for law enforcement use of synthetic content, creating a new vector for lawful AI-reliant tactics.
Event Highlights:
- CPDP Panels: Laura Lazaro Cabrera discussed the AI Act’s risk-based and rights-based approach at a panel organized by Data Privacy Brazil, comparing it with Brazil’s AI bill.
- Neurotechnology Regulation: Laura highlighted the need for consistent safeguards for both health applications and direct-to-consumer neurotechnology due to similar privacy risks.
