GDPR News » IAPP Europe Data protection congress 16-17 November 2022

The IAPP Europe Congress has already come to an end after two intensive days of keynotes and networking. The main questions in the air were the UK data reform, how the GDPR is enforced in the EU and abroad, and how EU-US data transfers will unfold.

Here are some key takeaways from the Congress:

🔐 Lively debate between Max Schrems, Eduardo Ustaran and Caitlin Fennessy on the USExecutiveOrder (EO): according to Schrems, the main issues are that the EO does not establish a real court as that concept is understood under the CJEU’s standards and that the EU and the US don’t agree on the meaning of the term ‘proportionality’

🔐 the FTC said that they have bilateral arrangements in place to cooperate and collaborate on specific enforcement actions with DataProtectionAuthorities around the world but that this topic is too sensitive to discuss publicly

🔐 Bruno Gencarelli stated that the next set of SCCs (between controllers/processors that are both subject to the GDPR) are expected in the first half of 2023

🔐 The new UKDataProtectionReform will not be submitted to public consultation, but round tables will be organized to discuss specific issues with stakeholders

🔐 Multi-jurisdiction compliance is a growing issue. The solution is to tweak a global baseline to keep consistency at a reasonable level of compliance. It’s also time to rethink our privacy policies: having just one may not be the right approach anymore.

🔐 DSA, DMA and other new legislation: there are intersections between them but there are also many conflicts. We need a more coherent EU approach.

🔐 Didier Reynders: the EU-US data transfer adequacy decision is expected in spring 2023

🔐 the newly proposed EDPBguidelines on the obligation for non-EU companies to notify DataBreaches to data protection authorities in multiple EU jurisdictions are a major headache for non-EU companies. Setting up an establishment in the EU to avoid this obligation may not be sufficient as the DPA’s will look into whether the establishment serves a real purpose.

🔐 Nina Schick explained the great potential but also the real dangers of GenerativeAI. By 2030, 90% of digital productions is expected to be synthetic AI-generated content. Neither humans nor AI will recognise synthetic from authentic content. This new future will be powered by data, whether gathered appropriately or not.