This blog started out with week after week of data protection news. Just a mere year and a half later and all we seem to be getting are AI updates. I do pick and choose though, so maybe not as dynamic as we make it out to be?
🤖 Artificial Intelligence
The final text of the EU AI Act has been published in the OJ of the EU! Congrats and many abbreviations are in order. Though now we have a definite and easily accessible file on hand, we still have a lot to read through. In the meanwhile, here’s a great mindmap and tree table to guide you through the process. (do scroll down, you can thank me after the author). Also, the French Data Protection Authority (CNIL) published a dedicated Q&A. Watch this space for more resources, maybe we should have a dedicated section? (idk felt cute, might not later.)
🔏 Data Protection & Privacy
The European Data Protection Board (EDPB) released Statement 3/2024 on the role of data protection authorities (DPAs) within the framework of the AI Act. In the statement, the EDPB stresses the complementary nature of the AI Act and existing data protection laws like GDPR, advocating for DPAs’ involvement in supervising AI systems. DPAs possess the necessary expertise and independence to oversee high-risk AI systems, ensuring compliance with data protection principles. The EDPB recommends designating DPAs as Market Surveillance Authorities (MSAs) for high-risk AI systems to facilitate a unified regulatory approach. The statement highlights the importance of cooperation between various regulatory bodies, including the newly established AI Office, to avoid inconsistencies and enhance enforcement actions. Additionally, the EDPB calls for adequate resources for DPAs to handle new responsibilities under the AI Act. The EDPB emphasizes the necessity of involving DPAs in supervising general-purpose AI models that process personal data, ensuring compliance with EU data protection laws. This coordinated effort is crucial for maintaining individuals’ rights and fostering legal certainty in AI regulation.
🛒 E-Commerce & Digital Consumer
The CJEU dismissed the action brought by TikTok against the EC’s decision to designate it as a gatekeeper under the Digital Markets Act (DMA). Bytedance, which provides the TikTok platform, contested this designation, arguing that its impact on the EU market was not significant due to its main activities being in China and that it did not enjoy network effects or a durable position. However, the Court ruled that Bytedance met the DMA’s quantitative thresholds, including global market value and user numbers within the EU, justifying its gatekeeper status. The Court noted TikTok’s rapid user growth and significant engagement rates, especially among young users, which demonstrated its substantial impact on the internal market and its role as an essential gateway for business users to reach end users. Bytedance’s arguments regarding its competitive challenges from Meta and Alphabet were also rejected, as the Court emphasized TikTok’s rapid consolidation and strengthening of its market position. The Court concluded that the Commission’s assessment and the standard of proof applied were correct, and any minor errors did not affect the lawfulness of the decision. Thus, Bytedance’s claims of rights infringement and unequal treatment were also dismissed. Shocking turn of events.
In other news, the EC has informed X of its preliminary view that X has breached the Digital Services Act (DSA) in relation to dark patterns, advertising transparency, and data access for researchers. Following an in-depth investigation, the Commission identified three key areas of non-compliance. First, X’s design of its “verified accounts” with the “Blue checkmark” misleads users, allowing anyone to subscribe and obtain this status, which can be abused by malicious actors. Secondly, X fails to provide a searchable and reliable advertisement repository, obstructing transparency and supervision of online advertising risks. Thirdly, X restricts researchers’ access to public data, either through prohibitive terms of service or excessive fees for API access, hindering independent research. The Commission’s preliminary findings are subject to X’s right of defense. If confirmed, X could face fines up to 6% of its global annual turnover and be required to implement corrective measures. The investigation continues…
The United Nations Commission on International Trade Law (UNCITRAL) adopted the UNCITRAL Model Law on Automated Contracting at its 57th session. The Model Law establishes a legal framework to facilitate the use of automation in international contracts, including artificial intelligence and smart contracts, and machine-to-machine transactions. It complements existing laws on electronic transactions and builds on previous UNCITRAL electronic commerce texts, implemented in over 100 jurisdictions globally. The text is UNCITRAL’s first legislative text addressing legal issues in the digital economy and trade, with ongoing work on data contracts and distributed ledger technology. Further details to follow. Finally something to look forward to? (e-commerce-ers will understand.)
🐆 AI in the Wild
AI is ready to take on the real world? Fei-Fei Li, reportedly “the godmother of AI”, has launched World Labs, a startup that’s already worth over $1 billion after just four months. The company aims to make AI capable of advanced reasoning by processing visual data in a human-like way, which could revolutionize robotics, augmented reality, and more. The startup, backed by significant investors like Andreessen Horowitz and Radical Ventures, focuses on “spatial intelligence” to enable AI to understand and interact with three-dimensional environments. Take that, EU. jk jk
📄 Recommended Readings
Here are some –in no particular order– recent publications that piqued my interest this week. Remember to grab a cuppa and settle in for some riveting reading.
European Union ∙ ChatGPT, Are You Lawfully Processing My Personal Data? GDPR Compliance and Legal Basis for Processing Personal Data by OpenAI by Janos Meszaros, Davy Preuveneers, Elisabetta Biasin, Enzo Marquet, Irmak Erdogan, Isabela Maria Rosal, Koen Vranckaert, Lydia Belkadi & Natalia Menende
Do large language models have a legal duty to tell the truth? by Sandra Wachter, Brent Mittelstadt & Chris Russell
ChatGPT, Artificial Intelligence (AI) Large Language Models, and Law by Harry Surden
ICPEN Dark Patterns in Subscription Services Sweep Public Report by International Consumer Protection and Enforcement Network
Disclaimer: I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
If you’d like to see more recommended readings, visit the collection here.
If you have any thoughts or suggestions on how to make this digest even more enjoyable, feel free to drop a line. Your feedback is always welcome!
Featured image generated using DALL·E 3.
