What does 2023 have in store for EU data compliance?

What does the EU have in store for us this year? 

‍

The year is off to a good start in the European legislature. The European Commission, the body responsible for drawing up proposals for legislation, is running around in a frenzy (probably, though we can’t verify that actual running is taking place), preparing for the coming European elections in 2024. Because of this upcoming election, European policymakers will try and close a few legislative files this year. We’ll set out the most important files in privacy and security below. 

‍

Meta and DPC are fighting

Ah, Meta (a.k.a. Facebook and Instagram), where would we be without you? Certainly, our lives would be emptier due to  the lack of cat videos and young people doing weird dances, and this might become a dark reality. In July 2022, the Irish Data Protection Authority published a draft decision which would make it impossible for Meta to transfer personal data from Europeans to its headquarters in the US under Standard Contractual Clauses. Meta wasn’t too happy about this, as it would mean that Facebook and Instagram services would have to completely shut down operations in Europe. 

This case between Meta and the Irish DPC is facing an article 65 dispute resolution mechanism. Hopefully, they’ll work it out this year; otherwise we have to find another social medium to get addicted to. 

‍

The new European Data Act

The new European Data Act is set to come into force this year. Unlike the misleading name suggests, this is not a new version of the GDPR. In fact, it covers a number of different areas, including data sharing between businesses and governments. Though the Data Act is officially being presented as aiming to increase trust and facilitate data sharing across the EU and between sectors, it also specifically benefits governments’ ability to access private sector data. Since the Act is still in its draft phase, the specific implications on businesses and individuals remain to be seen, but privacy professionals everywhere are waiting with bated breath. Or, you know, just waiting. 

‍

Shaping Europe’s digital future

The European Commission is leading the way in the regulation of our collective digital future, which can only be applauded. Europe is taking the world’s first stab at establishing a regulatory framework for AI with its Artificial Intelligence Act. Though AI can benefit all of our lives, not in the least in terms of efficiency and cost (thank you, self-driving trains where we don’t have to worry about rail strikes), the dangers of AI have not gone unnoticed to Europe’s legislature. From invasions of privacy to autonomous weapons, AI has the ability to impact all of our lives in very real ways. Since Europe has a first-mover advantage in this area, it will likely try to finalise negotiations before the end of 2023. 

In September 2022, the commission proposed the Cyber Resilience Act, which aims to introduce minimal security requirements for connected products, whether that is hardware or software. The scope of the law stretches to products with digital elements whose intended, or reasonably foreseeable use,  includes a direct or indirect logical or physical data connection to a device or network. 

That covers pretty much everything that we know so far. Europe is taking significant  protective steps forward with this Cyber Resilience Act, since too many companies, big and small, l are not aware of their cyber responsibilities regarding the data that they hold, both from customers and employees. 

‍

So there you have it, a whistle stop tour of some of the key changes coming to EU data compliance in 2023. If you’d like to stay up-to-date with developments as they happen and receive expert analysis and guidance on ensuring your organisation remains compliant, sign up to our newsletter. We’ll make sure you don’t fall foul of the regulators when these new rules come into effect.