DATA PROTECTION
EDPB adopts reply to LIBE on 2nd Additional Protocol to Cybercrime Convention, Guidelines on Codes of Conduct, letter on AI liability,
The European Data Protection Board ('EDPB') issued, on 24 February 2022, a press release, where it stated that it had adopted, among other things, a letter in reply to the European Parliament's Civil Liberties, Justice and Home Affairs Committee ('LIBE') regarding the Second Additional Protocol to the to the Cybercrime Convention ('the Protocol'), and in view of the two European Commission Proposals for Council Decisions authorising Member States to sign and ratify the Protocol. In particular, the EDPB recalled in its reply that the level of protection of personal data transferred to third countries resulting from the Protocol must be essentially equivalent to the EU level of protection and welcomed the safeguards included in the Protocol, such as the provisions on oversight. However, the EDPB noted that it regrets that the Protocol does not ensure that, as a general rule, information provided to individuals on access is provided free of charge. Furthermore, the EDPB recommended that the Member States reserve the right not to apply the direct cooperation provision enabling third country authorities to directly request EU service providers to disclose certain types of data.
Additionally, the EDPB noted that following public consultation, it had adopted a final version of the Guidelines on Codes of Conduct as a tool for transfers ('the Guidelines') and noted that the main purpose of the Guidelines is to clarify the application of Articles 40(3) and 46(2)(e) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
Furthermore, the EDPB outlined that it had adopted a letter on artificial intelligence ('AI') liability, welcoming the Commission's initiative to adapt liability rules to the digital age and AI, in light of the evaluation of the Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products ('the Product Liability Directive'). Among others, the EDPB considered it relevant to strengthen the liability regime of providers of AI systems, so that processors and controllers can trustfully rely on those systems, noting that providers of AI systems should embed security by design throughout the entire lifecycle of AI.
Additionally, the EDPB noted that following public consultation, it had adopted a final version of the Guidelines on Codes of Conduct as a tool for transfers ('the Guidelines') and noted that the main purpose of the Guidelines is to clarify the application of Articles 40(3) and 46(2)(e) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').
Furthermore, the EDPB outlined that it had adopted a letter on artificial intelligence ('AI') liability, welcoming the Commission's initiative to adapt liability rules to the digital age and AI, in light of the evaluation of the Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products ('the Product Liability Directive'). Among others, the EDPB considered it relevant to strengthen the liability regime of providers of AI systems, so that processors and controllers can trustfully rely on those systems, noting that providers of AI systems should embed security by design throughout the entire lifecycle of AI.
