Introduction
The European Data Protection Supervisor (EDPS) and the Data Protection Officer (DPO) network of EU institutions convened to address compliance with data protection laws, focusing on Regulation (EU) 2018/1725 and the AI Act Proposal. The meeting aimed to enhance accountability, discuss the responsible use of AI, and ensure robust data protection measures within EU institutions.
Description
The European Data Protection Supervisor (EDPS) and the Data Protection Officer (DPO) network of EU institutions convened on 27 November 2024 to discuss compliance with data protection laws, particularly focusing on Regulation (EU) 2018/1725 and the ongoing negotiations surrounding the AI Act Proposal, which is set to take effect on 1 August 2024. This meeting included key updates on current data protection case law and technology-monitoring efforts [1], notably the TechSonar Report 2025 [1], which addresses developments in Artificial Intelligence technologies.
Workshops were conducted to enhance accountability through practical measures, emphasizing storage limitation and the implementation of data protection impact assessments (DPIAs) [1] [4]. A significant portion of the meeting was dedicated to the application of the AI Act alongside Regulation (EU) 2018/1725 [1], outlining initiatives for the responsible supervision of AI tools within EU institutions [1] [4]. The EDPS highlighted the importance of ensuring that users of high-risk AI systems have rights, including the ability to obtain human intervention, contest decision-making outputs [2], and receive explanations regarding decisions that significantly impact them [2]. Plans were discussed for establishing a network of AI correspondents to promote a human-centric approach that mitigates associated risks [4].
Additionally, the meeting underscored the obligation of EU institutions to report personal data breaches to the EDPS within 72 hours [1] [4], reviewing mechanisms for preventing and detecting such breaches [1] [4]. The ongoing collaboration between the EDPS and DPOs remains crucial for maintaining privacy and data protection in the evolving digital landscape [1]. The EDPS clarified its future role as the AI supervisor within the EU [2], emphasizing the need for a cohesive European approach to ensure effective enforcement of the AI Act. Both the GDPR and the EU AI Act adopt a risk-based approach [3], requiring comprehensive documentation of data processing activities and effective management of third-party collaborations to enhance compliance [3], transparency [3], and customer trust while mitigating legal risks [3].
Conclusion
The meeting reinforced the importance of a unified approach to data protection and AI regulation within the EU. By focusing on accountability, user rights, and robust reporting mechanisms, the EDPS and DPO network aim to foster trust and transparency. The collaboration between these entities is vital for navigating the challenges of the digital age, ensuring that EU institutions remain at the forefront of data protection and AI governance.
References
[1] https://www.edps.europa.eu/press-publications/press-news/blog/edps-dpo-network-unified-approach-safeguarding-personal-data-across-eu-institutionsen
[2] https://ije.be/nl/news/partnerblog/european-data-protection-supervisor-releases-new-opinion-on-the-eu-s-proposed-ai-act
[3] https://www.eqs.com/compliance-blog/gdpr-ai/
[4] https://www.edps.europa.eu/press-publications/press-news/blog/edps-dpo-network-unified-approach-safeguarding-personal-data-across-eu-institutionsfr