Enforcing Digital Regulation in Times of Omnibus — Transcript

Panel discussion on challenges and constitutional principles in enforcing EU digital regulation amid evolving omnibus laws.

Key Takeaways

Enforcement of EU digital regulation is complex due to overlapping laws and multi-level governance.
Constitutional principles like independence and accountability of regulators are crucial for legitimacy.
Cooperation between EU and member state authorities is essential but challenging to implement effectively.
The digital omnibus law attempts to address legal uncertainty but does not fully resolve enforcement issues.
Experience from GDPR enforcement provides useful lessons for new digital regulatory frameworks.

Summary

The panel focuses on enforcement challenges of European digital regulation, especially under the new omnibus framework.
Discussion highlights the complexity of coordinating multiple digital laws like the DSA, GDPR, and AI Act.
Speakers emphasize the importance of constitutional principles such as regulator independence and accountability.
Enforcement difficulties arise from fragmented legislative silos and cooperation between EU and member state authorities.
The legitimacy of digital regulation enforcement is questioned due to procedural complexity and overlapping jurisdictions.
The panel explores the role of new EU agencies, such as the AI office, and their cooperation with national regulators.
Legal uncertainty remains an issue despite attempts by the omnibus to clarify rules for companies and regulators.
Practical enforcement challenges include handling AI systems on platforms and coordinating multi-level regulatory actors.
Experience from GDPR enforcement is seen as a valuable precedent for future digital regulation enforcement.
The discussion also touches on citizen engagement, multistakeholder involvement, and capacity building for regulators.

Chapters

Full Transcript — Download SRT & Markdown

Speaker A

Okay, I think we can start. Uh, first of all, you know, like, uh, let me say, I mean, definitely it is our pleasure to be here for this panel talking about enforcement. You know, that it's actually one of the most, like, I would say, because

Speaker A

we are here with this panel one of the most interesting topic to talk about I must say so I'm join Gregorio and I'm the PMJ chair in law technology at Catholica Global School of Law in Lisbon and I will be the moderator for this

Speaker A

we are here with this panel, one of the most interesting topics to talk about, I must say. So I'm joined by Gregorio, and I'm the PMJ chair in law technology at Catholica Global School of Law in Lisbon, and I will be the moderator for this

Speaker A

this panel that actually what it matters why we are here. Uh the reason why we organized the SP is because most of the attention is very much focused if you think about even with the omnibus uh pretty much on you know like the

Speaker A

session. I'm the one without the picture, basically, you know. Um, okay, so basically just a couple of words, and then before to give the floor to our speakers, um, just a couple of words of why we decided actually to set this panel, to organize

Speaker A

the DSA many other questions they are very much substantive but one of the big question and challenge for European regulation broadly speaking for the European digital agenda is about enforcing all the system that's been created in the last I mean five years

Speaker A

this panel, that actually what it matters, why we are here. Uh, the reason why we organized the SP is because most of the attention is very much focused, if you think about even with the omnibus, uh, pretty much on, you know, like the

Speaker A

order also you know for European digital regulation to deliver its own promises. So that's actually is the background of the reasons why we decided to you know like uh open this u this this this conversation. It's a broader project

Speaker A

coordination between, you know, like substantive pieces of law and legal instruments and regulation. So, you know, talking about, I don't know how the GDPR interacts with the AI, you know, with the AI act, like, I think questions related to

Speaker A

know, basically like basically overarching question and then we, you know, we will collect your answer at the end of the four presentation. That's actually how it's supposed to work. So, and the first one in line is Simona that

Speaker A

the DSA, many other questions, they are very much substantive. But one of the big questions and challenges for European regulation broadly speaking, for the European digital agenda, is about enforcing all the system that's been created in the last, I mean, five years,

Speaker A

worked actually on different issues relating your constitutional law administrative law and she has also recently uh published like a book about automated decision making and effective remedies with Edar in 2023. That is actually one of the first points that

Speaker A

even a little bit more now. So this actually is the big question, actually, that we're wondering is about what is actually the status of enforcement and where are the problems and the challenges in a system of enforcement that is actually quite important in

Speaker A

about uh you know which are the constitutional principles you know that should guide you know like questions related to enforcement of this of European digital regulation considering how fast is changing and thousand times I don't want to use the word the

Speaker A

order also, you know, for European digital regulation to deliver its own promises. So that's actually the background of the reasons why we decided to, you know, like, uh, open this, u, this, this, this conversation. It's a broader project

Speaker A

Thank you Javanni and uh good afternoon good evening to everyone. Thank you for joining us till this very late hour. Um so the question focusing on constitutional principles that should govern the enforcement of the digital aki as I like to call them I think is

Speaker A

that we are doing also with Simona that is there, and actually we decided actually to have this conversation here at CPDP. So, but without further ado, you know, I will introduce, like, basically each speaker, you know, we're going to have like four inputs, you

Speaker A

the EU. Basically, we can say that the EU has succeeded in a way in in designing this rule book with substantive rules as Javanni said, but also what the digital omnibus now shows is that their implementation is perhaps more difficult than than would

Speaker A

know, basically like, basically overarching question, and then we, you know, we will collect your answer at the end of the four presentations. That's actually how it's supposed to work. So, and the first one in line is Simona that

Speaker A

my contribution here today, I would like to maybe highlight um what are the enforcement challenges that actually put the legitimacy of the digital ai in question. Um because they are not only issues that are practical in nature, they are of course practical because

Speaker A

is actually an assistant professor at Leiden University, and Simona is an expert in new law and also administrative law. That's precisely why, I mean, she's perfect in a panel when we talk about enforcement and part of enforcement digital regulation. She has

Speaker A

with uh the design of procedures that are uh somewhat too complicated let's say uh and with the many different regulations that have been adopted in silos within different teams different legislative teams as well um maybe these questions these broader horizontal

Speaker A

worked actually on different issues relating your constitutional law, administrative law, and she has also recently, uh, published like a book about automated decision making and effective remedies with Edar in 2023. That is actually one of the first points that

Speaker A

surface and show the limits of uh of the power or the mandate of one authority when they have to cooperate with an authority of another level which is here either a member an EU level or an authority of another member state. Um

Speaker A

lead us to talk about remedies and enforcement. Except for that, apart from saying that with Simona also we are working directly in this month's precisely on the topic of enforcement of digital regulation. I will leave the floor to Simona asking the question

Speaker A

then the requirement of independence really becomes the fundamental um characteristic of the regulators. But we also know that many of the designated authorities on the member state level may not have the same type of independence as perhaps the data

Speaker A

about, uh, you know, which are the constitutional principles, you know, that should guide, you know, like questions related to enforcement of this of European digital regulation considering how fast is changing and thousand times I don't want to use the word, the

Speaker A

same now goes for a broader accountability of those regulators of the enforces themselves to whom should they be accountable? Uh if we think on the EU level for instance the cooperation between the new agencies like the AI office uh should they be uh

Speaker A

expression that is a little bit divided between super national and national, you know, but I wanted just to see which are at least the constitutional guidelines and framework in which we are moving. Simona, thank you so much for

Speaker A

um regulated by those uh agencies is. So there are questions that are fundamental EU law nature and they are not yet answered let's say and I think um the digital omnibus doesn't answer them either. Um this creates of course a lot

Speaker A

Thank you, Javanni, and, uh, good afternoon, good evening to everyone. Thank you for joining us till this very late hour. Um, so the question focusing on constitutional principles that should govern the enforcement of the digital AI, as I like to call them, I think is

Speaker A

questions that I just mentioned. Um so I would just maybe highlight three key questions or structural issues that really put this um constitutional uh legal system of the EU in in a question mark right now is the requirement of the independence the the

Speaker A

very pertinent because, um, the project that we put together with Javanni, actually that he mentioned already, focuses on putting enforcement into the light of constitutional challenges that arise from implementing the digital rule book that we now have in place in

Speaker A

or the the supervisor that is also competent in the field. These questions are still to be to be addressed. And then there is a third layer of challenges that is in now coming to the surface also from the digital omnibus

Speaker A

the EU. Basically, we can say that the EU has succeeded in a way in designing this rule book with substantive rules, as Javanni said, but also what the digital omnibus now shows is that their implementation is perhaps more difficult than would

Speaker A

proceed with the role of the AI office which is uh strengthened with the digital omnibus proposal on the AI act.

Speaker A

seem at first. So a lot of these questions are being, uh, put on the table without clear, um, answers being served because, um, well, some of it is touched upon by the digital omnibus, but some of it is also left out. And so in my, in my

Speaker A

EU when we when we want to um well maintain maybe sufficient separation of powers between the different institutions but also in light of subsidiarity and proportionality principles based on which the EU treaters treaties are of course uh uh

Speaker A

my contribution here today, I would like to maybe highlight, um, what are the enforcement challenges that actually put the legitimacy of the digital AI in question. Um, because they are not only issues that are practical in nature, they are, of course, practical because

Speaker A

Sorry, the mic was off. You still have three minutes. Okay. Okay. Great. So, I I touched a bit already about uh on the on the omnibus what it actually uh changes in this context. Um it proposes some new uh

Speaker A

enforcement is about practical implementation of the laws. But in our views, uh, they are also, um, touching upon the foundations of the EU legal order, such as a supranational legal order that relies on cooperation between the EU level and the member state levels

Speaker A

ground. This is something that is subject to national procedural autonomy. This is why we have that kind of a variety in the member states. Uh and it's probably hard to fix through um well streamlining of the AI act itself.

Speaker A

with, uh, the design of procedures that are, uh, somewhat too complicated, let's say, uh, and with the many different regulations that have been adopted in silos within different teams, different legislative teams as well. Um, maybe these questions, these broader horizontal

Speaker A

which which triggered cooperation between the competition authorities and the data protection authorities not knowing who has the final say in a dispute that kind of involves questions of both of competition law and data protection law. Um here we we see that

Speaker A

questions weren't, uh, weren't really considered in depth. So, um, more overlapping mandates of the enforcers now become a problem. Um, new forms of composite, uh, procedures, or what we, uh, administrative lawyers like to call as composite procedures, come, uh, to the

Speaker A

um the court of justice only resorted to the principle of sincer cooperation in this case because that's the only thing that they could do and they're not the legislator of course but uh having the absence of the vacuum the legal gap in

Speaker A

surface and show the limits of, uh, of the power or the mandate of one authority when they have to cooperate with an authority of another level, which is here either a member, an EU level, or an authority of another member state. Um

Speaker A

justice which showed that new forms of composite procedures still don't have answers. We don't know what the standing against uh a body like the European data protection board is when they adopt decisions that are binding on national um supervisory authorities. Who can go

Speaker A

and, um, for instance, different guarantees like the guarantee of independence, which is, uh, rather constitutional, uh, requirement now, is somewhat put into question because, well, if we think about all these, uh, regulations touching upon the fundamental rights questions,

Speaker A

Perhaps it gives an impression of better legal protection for the companies that are uh regulated in this case. But it may also create uh more legal uncertainty for uh less such non non this kind of big players as well for

Speaker A

then the requirement of independence really becomes the fundamental, um, characteristic of the regulators. But we also know that many of the designated authorities on the member state level may not have the same type of independence as perhaps the data

Speaker A

have this project that have we are in an academic panel that brought together many uh experts in the field of enforcement and and digital regulation and EU constitutional and administrative law and we are preparing uh Cambridge handbook on the enforcement of EU

Speaker A

protection authorities would be expected to have. Right? So all kinds of, uh, questions about what kind of independence is, uh, to be desired from the regulators that are now entrusted within with enforcement of the digital AI, um, relevant to be addressed. And the

Speaker A

broader um academic discussion let's say and then maybe legislative discussion in in another in thank you so thanks Simona this actually it's a very good overview to enter the discussion and the topic of having you know like questions for enforcement that spread

Speaker A

same now goes for a broader accountability of those regulators, of the enforcers themselves. To whom should they be accountable? Uh, if we think on the EU level, for instance, the cooperation between the new agencies like the AI office, uh, should they be, uh,

Speaker A

authorities spreading up of course across the member states and then you have even more power uh you know like when it comes to European commission and also this power has been tried to be coordinated also with the digital omus

Speaker A

answerable to the, to the Court of Justice? Should there be a way to, uh, maybe seek redress against the enforcement decisions of a body like the AI office? We don't know what the rules on standing for companies that will be

Speaker A

more of this legislation But the enforcement of this legislation is of course governed by authorities and entities that are spread across different member states. They are actually sometimes they have different also and also the minist culture of the

Speaker A

um, regulated by those, uh, agencies is. So there are questions that are fundamental EU law nature, and they are not yet answered, let's say, and I think, um, the digital omnibus doesn't answer them either. Um, this creates, of course, a lot

Speaker A

probably one of the foundational issue when it comes about the future of the digital world book. Uh and now I mean without further ado we'll move basically to basically to up we'll move up to the European Commission to talk about

Speaker A

of legal uncertainty. Legal uncertainty is something that the digital omnibus is, uh, trying to address for the companies largely, uh, a bit less perhaps for, um, for the accountability of the legal order as such. Uh, when we think about these

Speaker A

Commission at Dig Connect and even before that among the different roles he's also served as the chair of um of uh definitely and he was also the if I'm not wrong the director of the Slovak media authority. So you know like

Speaker A

questions that I just mentioned. Um, so I would just maybe highlight three key questions or structural issues that really put this, um, constitutional, uh, legal system of the EU in, in a question mark right now is the requirement of the independence, the, the

Speaker A

Thank you very much. And yeah I I'll try to briefly uh walk you through our thinking in in the DSA team uh when we are talking about the interactions with other uh legislative framework and other authorities. Of course the answers are

Speaker A

questions of how to organize cooperation between the different, uh, regulators on the national le...

Speaker A

uh you know when we are talking about the time of omnibus the first thing that we need to say about the DSA is that it's not touched by by these changes by the simplification. So the the the enforcement of of the DSA is going on

Speaker A

very firmly. We have 17 open investigations, one you know already closed. Uh famously uh the DSA delivers really much you know bigger transparency in the online environment than we ever had before. It delivers the rights to users to the the intermediaries. It

Speaker A

helps with the protection of public space uh from you know hostile interventions and very much in our focus now is also protection of minors. You probably heard about the guidelines on the protection of minors and DSA really provides for the strongest protection of

Speaker A

of of minors uh currently anywhere in the world. So with this being said uh let's focus first on uh a bit of how the legislation works you know toward the DSA. So in in the DSA you know the first

Speaker A

thinking and some of you may remember uh when the DSA was only a draft and it was debated in legislation there was this thinking that DSA will be a horizontal legislation it will be so-called lex generalales uh general kind of you know

Speaker A

rulebook and then every every specific law then you know will will connect to it via you know lex specialis meaning you know if there is no special rule in the in some other law you know the DSA will apply but this was

Speaker A

drug doing negotiation because it was realized that not every legislation and not every framework work this way and that the interaction need to be much more nuanced so it's still the DSA is horizontal and yes the the predominant

Speaker A

interaction is that you know it's a horizontal legislation and then you have special legislation that can connect to it uh but there are some other interactions that are much more nuanced and they need to be interpreted. Now, this was anticipated also in the DSA and

Speaker A

in article 91 you have a kind of call for the commission to prepare a report that will talk about this interaction with other legislation. This already happened. So, we have uh that report. It identified 54 other uh rule books or

Speaker A

frameworks or instruments as we can call it whatever uh that are interacting somehow with the with with the GSA. And yes like the the one one of the interaction is the plug-in that I just said but of course uh there is also a a

Speaker A

different type of uh interaction that means for example that you know there are similar obligation but the scope is different so know the overlap is not total but just partial and you know it's it's not easy to pick you know what

Speaker A

rules to apply. So again there needs to be some kind of very careful interpretation and also there are uh you know moments where the DSA is referring back to some kind of other legislation.

Speaker A

So again different kind of interaction. Now these things like in principle are complimentary. So it's not that you know in principle there is some kind of clash but again it is about the interpretation and careful legal work uh visa v you

Speaker A

know other partners and ultimately very probably also in courts uh that will decide what what what is there. Now this report also identified uh overlaps that are clearly there and that you know we can already work on. I've mentioned

Speaker A

protection virus that's one of them. You know MMSD for example visual media service directive has a strong uh child protection uh movement and there are video sharing platforms which for example is YouTube. YouTube is also a platform under DSA. So you know there

Speaker A

there may be this kind of overlapping rules also GDPR is addressing uh protection of minors. So, so and there are more of these but I won't into detail but just that you have the picture but again the overarching point

Speaker A

is that uh there is a high complimentarity between uh various instruments but of course there are moments where we need to be careful and it requires a careful work now there's also institutional perspective because all of the legislation that I mentioned

Speaker A

have some some kind of governance right and you can have like really centralized governance which for example is digital markets act there's the commission as a regulator and that's it but then you have digital services act you have AI

Speaker A

act where you have the commission uh which some kind of role on on the for example in the DSA because of the very large platform search engines and this is this is where the commission is exclusive regulator but then you have

Speaker A

also member state level regulation and this is very similar in AI act so it's a kind of hybrid system and then you have also completely decentral centralized systems like uh TTPA A which is the uh uh transparency of political advertising

Speaker A

regulation or very famously GDPR. So when you know these institutions are cooperating it's not the same model with everybody. It's it's very different and again it can be compl uh complicated but it also needs to be understood that this

Speaker A

governance models you know was chosen because of the nature of that instrument. So it's not an arbitrary thing. It's it's something that that somehow uh is working with the system.

Speaker A

So there needs to be a way to uh of to cooperate uh between the models but there's also of course overarching uh coordination right on the EU level among the EU institutions you have different uh inter service groups that are doing

Speaker A

just that but then also like on a local level uh you have for example situation uh over you know the DSA which has the European board of digital services there you have different types of regulators Of course they are all digital services

Speaker A

coordinators as designated locally on on the member state level but these are not the same type of regulators. So you have like majority probably are telecom regulators but you have media regulators there you have a protection uh consumer

Speaker A

protection regulators there. So they're covering different territories and you know then for example when you think about media regulators I think it's six of of the DSC's are media regulators too. they're covering both like audio visual media service directive and uh

Speaker A

the digital services act on the member state level and you know when it comes to telecom there's no other other overlap so so the synergies are also created just by this and then you know you have completely different kind of uh

Speaker A

groupings for example famously now under democracy shield is the resilience center that is you know gathering different types of authorities they might not be regulators authorities but are gathered because you know there's an information integrity aspect that needs to be covered and that needs

Speaker A

to be protected and these are you know coordinating on different levels uh just because of this. So these these types of of uh of uh uh coordination bodies are created also ad hoc and this is precisely to overcome the uh

Speaker A

institutional gaps that that might exist uh in different frameworks and yes so so this is this is the uh how to create uh some kind of synergies uh how to identify the gaps and how to overcome them. But of course all of this

Speaker A

is rooted very much in the rule of law as was mentioned you know in the outline of of uh this uh uh this panel uh and you know you have fundamental protections. I'm coming from the DSA side so I can say that the DSA is very

Speaker A

much uh embedded into uh fundamental rights uh system. It's mentioned so many times uh in the DSA. uh so it's some sometimes it's very hard uh to understand the attacks against the DSA from this perspective because for example just protection uh of speech is

Speaker A

is there you know on every other page and DSA was very carefully drafted because of this not to infringe on the on the freedom of speech of the users.

Speaker A

Uh so yeah I will end here and happy to answer any question and look forward to discussion. Yeah, thank you. Thank you so much. Uh because this has allowed us to bring other pieces together. You know, just just mentioning the

Speaker A

perspective of the DSA, you can see all the connections are and you can imagine not only for VOPS but also for online platforms in general, you know, like that they deal with the datadriven business models but there are also

Speaker A

platforms that are also implementing AI systems. This means already maybe of course they are consumerbased and oriented. So this is already like you can see where are the connections when it comes to the enforcement of this of of the big picture you know especially

Speaker A

when part of the enforcement maybe is attracted by the European Commission and part is national and then you have maybe the onetop shop mechanism for the GDPR so it's complicated so that's actually why we want to unpack and talk about

Speaker A

that because the attention is not really focused there and there's a lot to say in this space but without further ado because we also want to have conversation with you I will move the floor to give the floor to Angelica

Speaker A

before saying that she's actually we are going to the level of the member states this time and because Angela Fernandez is a legal advisor at the data protection authority in Luxembourg and plus she has a very important expertise

Speaker A

also with UNESCO when it comes to the role of authorities in enforcing AI you know generally speaking the rules on AI so she's really the perfect person to provide us another perspective when it comes to the problems of to the problems

Speaker A

and the opportunities of enfor enforcement of European DJ regulations. So, Andrea, please the floor is yours.

Speaker A

Thank you, Yavani and thanks for limitation and sorry because of my voice and allergies. Um, so I would like to um to base my intervention on the two pillars of um of digital uh aiso uh the act and the GDPR and the lessons we

Speaker A

learned from the GDPR and the opportunities that come from those lessons with the AI act. I'm so sorry about my voice. Um so to start uh my first remark will be about the lessons learned under GDPR. So uh what a decade

Speaker A

of application of GDPR has shown us is that the distance between institutional design of the law and the institutional outcome can be considerable and that this distance needs to be taken seriously and as a matter of regulatory learning rather than institutional

Speaker A

criticism. Uh that's really important and one of the main lessons to be drawn is that the enforcement model in general requires sustained and continued investment in resources in coordination in institutional infrastructure that allows these ambitious rules to have the

Speaker A

desired outcomes. Um the transition from uh this legislative achievement uh to enforcement maturity uh is perhaps something that uh you bring a lot to your academic work and has reflected on and I think is indeed one of the

Speaker A

constitutional challenges of the EU digital governance project. So that's uh very important and this is why the effectiveness of the application uh is is really uh the step we are re we live right now I guess as a national

Speaker A

authority um and um I I would like to give a very positive I guess outlook on this challenge uh because I think there is a lot of improvement already from the experience that of the early on implementation of the GPR versus what

Speaker A

we're living right now with the early on implementation of the AI act and This largely reflects something very positive which is that there is institutional memory and experience and that this is a great foundation which effective enforcement can be built on later on.

Speaker A

Um um this experience with GDPR also uh we learned and been discussed that we need uh in general more enforcement capacity and that building that capacity for example across all member states uh with different administrative traditions and different resource levels is a project

Speaker A

in its own right and that deserves a lot of attention and not only to the legislative design which is perhaps alluding to the uh omnibus um and in retrospect the A give us this opportunity to apply everything that we

Speaker A

learned from the GDPR enforcement from the outset rather than afterwards. And this is a very significant advantage and one that I think all supervisory authorities are already been using and and and and and a concrete example that I want to bring to illustrate this and

Speaker A

perhaps is something that is u not well known is that um there is an European working group of company authorities on AI and one of its members is actually here in the audience which is an informal group chair uh by the Dutch

Speaker A

authority of the digital infrastructure RDI. uh the ZEP so uh the data protection authority participates actively in this group and we chair the ASM box group this is an informal network and this is very important it's informal but what is

Speaker A

really special is that it was put in place before the entry into force of the Act so while the text was being negotiated and this already shows a very good reflex of like institutional memory of knowing that we need to start early

Speaker A

on on exchanging and figureate how the implementation of the AI will work and uh also in particular and this been already mentioned because of the diversity of actors that will come into play. So there were telecom regulators, there are media authorities also there,

Speaker A

data protection authorities, micro surveillance authorities um so cyber security agent is also part of that group. So really all of this and and because of it then it's it's really an interesting example I believe uh the group has several also growth so there's

Speaker A

transparency cyber security uh sandbox high cyc systems etc and and of course after the act was adopted now there are obviously the more institutional ways of exchanging information that were given like such as the board um but this uh

Speaker A

particular group I think is a great example even though it's one about how uh how much commitment there is from all supervisory awardies um to counter fragmentation in one way to construct a shared vision of what implementation should look like and because it's an

Speaker A

actual extra effort because it's outside of this mechanisms already given by the law of trying to build this capacity and to share information and knowledge. Um there are over 27 authorities uh because they come from different sectors even if

Speaker A

they're from the same country and institutions participate in the network and over 100 civil servants uh that uh you know come together uh to discuss these things. Uh so I think it's fair to expect that the runway between

Speaker A

legislative entry into force and enforcement maturity will be shorter for the Act than it was for GDPR and uh and I think that's a great prospect. Um so uh Joani had asked me before a question about fragmentation. So I think is uh

Speaker A

very quick to be talking about fragmentation uh when uh we are in the early phase of uh just new digital rules.

Speaker A

My second remark is on um capacity building linked to enforcement as Javanni said is a really a topic that is I feel under theorized and that is uh um dear to my heart um and I want to spend

Speaker A

a moment just defining what I mean by capacity building um because not simply about budget lines and hand counts even though that's really important for all supervisory authorities and should not be understated uh but it also operates across two distin dimensions for me

Speaker A

which is technical capacity so a specialized knowledge investigative tools So it's very important and sometimes very costly and domain expertise requirement to regulate technologies of complexity such as the AI systems. Uh so a supervisory authority that is for example in charge

Speaker A

of conformity um of you know revising a conformity assessment document not only needs to understand the legal standards and the technical documentation and all this but also needs to have a clear uh understanding of how an AI assistant is

Speaker A

trained uh what meaningful oversight meaningful human oversight means in practice and all of these things. Um and this knowledge cannot be um improvised.

Speaker A

It must be systematically built, continuously updated and institutionally retained. And this is true also uh for data protection authorities when they were dealing with algorithmic processing on the GDPR and they had to learn all of that. Um and here we have an expert in

Speaker A

the room. An authority that lacks uh the technical knowledge uh on the assessment of complex AM cannot uh make right respecting decisions about it. uh not because they lack a good faith or commitment or the mandate to do it just

Speaker A

because they want to have the competence and this is why uh this topic about uh capacity building is such a crucial topic uh for enforcement at least I think so and the second dimension is institutional capacity and this we refer

Speaker A

to uh the organizational structures u the procedural frameworks that inter agency relations that allowed an authority to relate uh and to translate this technical knowledge into effective uh regulatory action uh And here I would like to um also offer a second not

Speaker A

perhaps not well-known example but also uh that speaks a lot to um the global dimension um in digital regulation uh for the digital age. Um uh so uh the seed it's a co-chair of the UNESCO global network of AI supervisory

Speaker A

authorities since last year along with the data and authority. Um so this is a network of regulators basically uh of all sectors. Uh the LA network was launched last summer. It has around 34 members all supervisory authorities in

Speaker A

different capacity which is explicit recognition of exactly that the different shape of AI regulation around the world and uh and in itself of like the the the intersectorality I guess uh that sometimes enforcing AI uh has.

Speaker A

Um I think it's also a good example of how well EU institutional capacity and experience is perceived in this specific domain and this is very much influenced by GDPR enforcement experience uh that is received very much positively around

Speaker A

the world. Um we obtain um the chair to a voting process. So this is why I say it it's a true reflection of how well we are perceived in general not only to the credibility of the seed but also in

Speaker A

general to European supervisory authorities. And I say these because the work of the European working group of competent authorities on AI was really what inspired the launch of this network and then of course that credibility that was built with the peers was what allows

Speaker A

to to win the mandate. Um but also in general just uh to launch the network.

Speaker A

Um the ambition of the network is to support peer-to-peer knowledge exchange among supervisories on AI. uh while uh the network is in stages so it's hard to to speak about uh more in detail about it or or or concrete actions let's say

Speaker A

um I think that it recognizes already the mer existence of it the importance of cooperation uh across different dimensions of technical expertise and again institutional capacity and also uh testimony uh to the incredible commitment of to regulatory learning and

Speaker A

international cooperation from all the participating authorities uh because again this is voluntary and and it's really at a technical level. So it's not political. Um so I think there is this um real will and ambition um to to

Speaker A

enforce to to build capacity to enforce correctly to um to share a vision of what uh well GDPR AI but just in general privacy and AI uh can can do for for humanity because we're talking a global stage. Um and to conclude uh GDPR and AI

Speaker A

together represent this constitutional vision for the digital age and the task is now to obviously ensure that this is matched by institutional reality and capacity building is exactly how this happens is how this model of digital governance is not just something nice in

Speaker A

in the law in the text in the design but it's also effective in practice and in times of the omniverse as the panel title indicates um this effort on capacity building on talking to your peers becomes uh absolutely necessary

Speaker A

whether it's informal like the example of the European working group of constant authorities on AI or formal like the global network supervisory authorities at the international level um so this is just two examples u the show is and um and I think these

Speaker A

experiences at a technical level again contribute largely and positively to the EU global role in shaping digital regulation. Thank you.

Speaker A

Thank you so much because uh I mean definitely know like there are at least two main parts here know that are very very important. Think about is about the role that also you know like uh uh national authorities plays in digital

Speaker A

regulation and the problem is also the numbers of authority you know like that are spreading across all the member states and some member states have decided even to appoint more than one single authority you know like for the

Speaker A

same legal framework you know like this has happened particular in the case of the AI act but what is interesting is also that we also need to recognize the problem of uh you know like what uh Angelica said about capacity building

Speaker A

that it's a huge question when it comes to different types of authority across member states with different also administrative cultures. That's why we mentioned that point and this is very very relevant also have in mind what is the perspective from the member states

Speaker A

here because at the end most of the companies are at the national level I mean for good or bad doesn't matter at the moment that's actually the what we have and now I mean we need I it's nice

Speaker A

to zoom out a little bit you know with the next speaker because also Bianca is here with us you know from uh the future of privacy forum from FPF now I'm going to introduce uh her of course she's

Speaker A

going to uh give us a little bit the perspective about what does it means?

Speaker A

What are the challenges of you know like approaching this challenges of enforcing of European digital regulation in times of omnibus also from a global perspective thinking about what are the real uh problems there you know so we are trying to zoom out after going very

Speaker A

very close to the member states. Uh so a couple of words of course to introduce uh Bianca of course that is the managing director for Europe at the future of privacy forum at FBF and this actually basically she's responsible for all the

Speaker A

activities when it comes to data protection privacy and AI regulation in Brussels nice particularly this time of this time considering the evolution also with the omnibus and also I mean has been involved usually always involved in many uh events activities and also you

Speaker A

our stakeholders conversation when it comes uh to this uh topic. So she's really another, you know, gem here, perfect person, you know, like to continue this type of conversation about uh enforcement also moving talking a little bit more about the challenges of

Speaker A

the omnibus approach. So Bianca, please the floor is yours. Thanks actually. Thank you Joavanni for the like really overly kind introduction. I don't know if I deserve that. Um and and thank you for convening and and organizing this uh this very

Speaker A

interesting panel. Um, so I'm going to dive a little bit into the digital omnibus side of the situation in relation to enforcement. And I think first it's important to contextualize this digital omnibus in the broader rule book. Um, I I'm still getting to grips

Speaker A

with it myself. Um but indeed digital regulation today is very different uh uh today from from uh you know for example when I started my journey uh in data protection doing advocacy and DPO work uh around 8 years ago and of course the

Speaker A

technologies and challenges that we're facing today uh are also not the same as then. So rightly so we we have a broader set of rules for digital life uh AI act DSA uh DMA cyber security health data spaces uh I'm not going to name them all

Speaker A

but there are many um and what's important here is that each of these laws uh comes with a huge variety of different regulators data protection authorities consumer authorities you know media regulators competition agencies and and the fact of the matter

Speaker A

is that uh it's it's a complex enforcement landscape and it requires is a high degree of kind of sensitivity and and collaboration. And I think Angelica made some great examples of of uh existing uh collaboration. So I'll zoom

Speaker A

in on some of the data protection elements of the digital omnibus because what all of these more recent frameworks have in in common is the GDPR of course which acts as the the foundation uh of this rule book. uh many of the the other

Speaker A

laws refer to it and rely on it for definitions and cannot go contrary to its principles. So of course any attempt to modify the GDPR will also have uh knock-on effects um uh on the broader rule book. Um I also will give a short

Speaker A

disclaimer about the omnibus because while with the AI omnibus we saw things moving very quickly now it's been approved with the digital omnibus it's a completely different story uh the changes on the table are are very sensitive and and highly contested and

Speaker A

politically uncertain. So where is probably one of the first areas where enforcement might be affected in the digital omnibus context that of course uh relates to the proposed personal data definition um because it seeks to potentially amend uh or affect the entire scope of

Speaker A

application uh of the GDPR. So the situation is as follows. data may not be considered personal data for a specific controller but that controller does not have the means reasonably likely to be used to identify the individual. So here

Speaker A

is an area where you can uh imagine for example pseudonymization anonymization debates uh really in intensifying at the same time there's a new article uh 41A that would empower the commission to adopt implementing acts uh interpreting when pseudonymized data

Speaker A

would not be considered personal data for for certain entities. So there's a couple things to highlight here. Um first point and this actually comes from the EDPS EDPB joint opinion on the topic uh which states that this change would

Speaker A

indeed narrow the concept of personal data. Um and then now this is my own interpretation. This could lead to more cases where the GDPR simply does not apply and of course this has clear implications for enforcement. So quite

Speaker A

simply if the GDPR you know does not apply what DPA's uh can do remains a little more limited in that sense. Um the second point that is relevant for enforcement here is if the commission can adopt uh an implementing act

Speaker A

defining pseudonymization which is typically uh within the mandate of the EDPB. um what does this mean for potentially diverging definitions or interpretations and consequently on uh legal certainty?

Speaker A

Um another point where we see omnibus impact on enforcement uh is with the proposal to amend article 125 and limit data subject access requests. Um this is linked to uh so-called uh uh abuse of rights. Um the thinking behind this is

Speaker A

is really that there have been an increasing number of cases uh of requests submitted using generative AI uh and and DPAs themselves have reported uh an increase in such requests. Um in general the CGU considers that data subjects can submit access requests for

Speaker A

reasons other than just becoming aware of data processing and without having to find uh having to provide a particular motivation. So here really a balance uh needs to be found uh because of course access rights are foundational to the

Speaker A

for the ability for data subjects to exercise other rights under the GDPR such as objection correction and so on and to be able to assess the lawfulness of processing. One of it's also one of the ways that a data subject may then

Speaker A

decide to either escalate a complaint to the national DPA and so on. So this question also directly feeds into uh the enforcement impacts. Um, a couple of big picture points that maybe complement a little bit what has been said so far.

Speaker A

Um, with the commission we've seen has been taking a significantly more active role as digital regulator over the last couple years. There's the the DSA, the DMA. There's been significant guidance also joint guidance by the commission and the EDPB. Uh, that's that's very

Speaker A

interesting. for example on the GDPR and DMA interplay on GM GDPR and DSA. Many of you uh in in this room uh are already aware. So there have been a lot of iterative efforts on all sides to kind

Speaker A

of try to streamline and iron out uh some of these uh interpretive differences already and this is independently uh of the omnibus. There's also another interesting area to watch here around the definition of anonymization and this relates to DMA

Speaker A

GDPR. Um so for the purposes of article 611 uh under which gatekeepers um operating online search engines have to provide access to search data to uh certain third party uh providers. And what we've seen here is some diverging

Speaker A

definitions uh which is great for legal folks because this is very uh small but the commission's framework calls for the reduction of reidentification risk to be very low while the EDPB standard for reidentification risk speaks of insignificantly low. So there are small

Speaker A

uh uh sort of differences and we see that there is this pressure where it seems that different thresholds emerge in the DMA context as enforced by the commission and a different threshold under the GDPR as enforced uh by by DMAS

Speaker A

uh by uh DPAs. And then very final point on enforcement if I have time just as as it currently stands. So while the AI omnibus was being uh negotiated u until very recently, enforcement of digital laws has of course continued uh in

Speaker A

particular under GDPR but also the DSA. Um and one area I want to show an example of this regulatory cooperation issue at the enforcement level is around age verification uh which is uh intensifying as as a focus area uh in

Speaker A

the EU. So for example, the Spanish GPA very recently issued a fine uh for a digital identity company uh Yoti for some failures around biometric data processing in relation to their age verification measures. Um we saw the EDPB adopted already in February 2025 a

Speaker A

statement on age assurance, you know, outlining the necessary data protection uh compliance processes. At the same time, the commission obviously has several investigations uh under the DSA uh over failures related to age assurance. Uh and most recently, just

Speaker A

last month, uh the commission um issued uh a recommendation for an EUwide framework uh for age verification. So and and this recommendation really discusses a lot the importance of privacy of privacy preserving methods but nowhere does it mention the GDPR or

Speaker A

the ADPB statement or any pre-existing work uh in the data protection and privacy community uh on the topic which is indeed uh extensive. So of course this recommendation is non-binding. It's it's just sort of a first step in that

Speaker A

in that sense a soft law instrument but it gives a bit of an indication as to the thinking on this topic and and perhaps uh an area where regulatory cooperation is is still needed so we don't miss these opportunities uh you

Speaker A

know for for alignment. Um so I leave it here for now. Thank you. Thank you.

Speaker A

Thank you so much. You know like this adds like uh another bit of complexity about the framework we are going through you know especially we will see what is the output with the digital omnibus because precisely the one with AI is a

Speaker A

little bit more advanced with the one with data so with the one with data we will see what's going to happen but definitely is going to affect you know enforcement because whenever you are touching the rules of course it's a

Speaker A

matter of interpretation of the rules uh but also the one in AI for instance there are specific rules called trying to coordinate enforcement I already mentioned that for instance when it comes to the relationship between the DSA and the AI act. So this was actually

Speaker A

very interesting and I would like first of all to say thank you for a perfect time management. Thank you so much for that. So this allows us to have enough time I would say more than enough time I

Speaker A

hope uh to actually collect question from the audience. So and now I see Maria there one two. So shall we collect three questions and we and then we we do a first round uh there. How should we do

Speaker A

that Mike? Yeah, the first question is down there. I mean for me it's down there. Okay.

Speaker A

Thank you. Thanks so much. Uh I'm Maria Merka from M University. Thanks. It's very interesting topic and uh a lot we can discuss about. So I I have actually two questions. So one is one that I I realize I'm asking since I think two

Speaker A

years at every CPDP because it comes up because we discussed so much this fragmentation between the different juris the the digital ACP. So question on the table is should we have EU administrative procedure and uh are we going into this direction? I saw

Speaker A

recently renewal was uh updated so we even have rules on the table that we can use from. Do you see any future for that? That's my first question and the second one is more about the whole design of enforcement as this national

Speaker A

authorities and so on. Do you think the frameworks are uh prepared enough to be um to ensure complete independence of the data protection authorities and other authorities against different influences and I think this is the only panel where

Speaker A

we can address this question the elephant in the room like the elections around the EDPS that so we have the EU institutions itself damaging the whole rules of the system from the way the the authorities are selected so I know is a

Speaker A

bit political. I imagine not everyone will be able to comment on that. I just think this is the only panel where we can have this discussion at least a bit.

Speaker A

So thanks a lot. Thank you so much. Let's collect I know that you are already I mean I know I see that you are jumping you know like already but I mean let's be patient and collect at least other two questions

Speaker A

please. So I see another one there and then we move there please. Thank you.

Speaker A

Hello. Uh I'm Larissa. I'm a PhD researcher at Arasmus University Roterdam and I also run a consultancy in data protection. Um my question is to Bianca. Um my research is about article 12 paragraph 5 of the GDPR and because of

Speaker A

this the digital omnibus of course it was a moment of joy because I had a lot of research to write about uh the this proposal and what I want to ask is how do you see or what's your opinion about

Speaker A

the fact that in the omnibus we have abusive requests as uh let's say an explanation for excessive requests. for this term. Whereas if we look at the Jewish prudence of the court of justice of the EU, we see that abusive requests

Speaker A

is a general category for both manifestally unfounded and excessive requests. Okay, that's all. Thank you. Thank you so much. Third question and then we do the first round.

Speaker A

Others. Yes. Hi, thank you very much for uh this panel. I think it's super interesting and thank you in particular for presenting a little bit this study that you're doing. I think it would be great to hear next year maybe what are the

Speaker A

results. I don't know what the timeline is but definitely very necessary to have this approach to really look at into the architecture of the different enforcement systems. Um I wanted to make a suggestion. Uh I didn't introduce myself. Sorry. Osul from Noipib. Um the

Speaker A

thing is that I miss a little bit but the perspective of those who should be protected by enforcement right what about the consumers the users the data subjects the affected persons etc etc.

Speaker A

Will you also consider what is um at offer for them? What are the complaints mechanisms? We know for example the DSA we have these hybrid systems as it was called but we cannot complain to the European Commission. There is no right

Speaker A

to complain to the European Commission which is really a lack. Uh we have huge issues with GBTR GDPR enforcement. I don't think that it's a very good model.

Speaker A

This is maybe why the one-stop shop mechanism was not followed and we have now this multitude of different things.

Speaker A

Question would also be to the commission but I don't know who is in charge there.

Speaker A

What does the digital fitness check do in relation to the consistency of these enforcement mechanisms? The principle of effectiveness and the principle of equality in this case protection of the Europeans uh from uh the diverse illegal practices. But the concrete question I

Speaker A

have was also how do you see what the digital omnibus does in terms of what we see a lot of relativization of concepts which in our opinion very much makes enforcement not easier not simpler and even compliance more complex and

Speaker A

difficult it's not simplification it's more complexity what I mean is uh we have the examples actually that Bianca mentioned article 4 uh personal uh data definition becomes relative depending on the capacity of the controller. We have the example also Bianca mentioned 125 is

Speaker A

the right to access in the future will depend on the intention of the data subject that has to be assessed by the supervisory authority. So that has to be a psychological exercise. So this is not simplification it's a contrary I just

Speaker A

wonder what you think about that. Thank you. Thanks a lot. So okay, how should we do that? Uh I think that the first question is about harmonization of admin law. So I will call Simona maybe to answer right

Speaker A

please. I mean I will take it but it wasn't addressed to me. It was not addressed to anyone here you know like so I'm just looking at you you're like you're you're right in asking that and of course I'm a bit biased when it comes

Speaker A

to saying yes. I think there is a need for a broader horizontal maybe some sort of harmonization of procedures coming from my background but I don't think it is the moment that we're going towards at least that that the idea is um what the the

Speaker A

omnibus is touching upon doesn't seem like that there is a discussion focusing on new regulation that could harmonize procedures across different digital regulations um GDPR regulation or procedural rules of the GDPR enforcement itself proved to be very difficult to to

Speaker A

harmonize right and to fix and I think the fixes you know yourself were not adequate perhaps uh as wished for so uh an academic exercise like renewal uh update of the rules is welcome I think it's it's a good addition to the debate

Speaker A

but I think for the from the legislative point of view I don't think there is now the moment for it. Even though I would advocate for it to be considered for sure in Brussels, but uh maybe not uh it

Speaker A

is not yet on the table. The same thing for the independence guarantees. I think uh it's a big question that of course I already put on the table. It's something that perhaps the court of justice will step in to to fix for us if the

Speaker A

legislation doesn't do do it justice as it did with the DPAs on the ground. Of course, different states had different rules on the designation of national data protection authorities and the court came with its own notion of complete independence and what it means

Speaker A

in practice in in different states uh as the litigation evolved and I think that may be also necessary when it comes to different regulators across different digital domains but of course they um it is a very peacemeal uh kind of approach

Speaker A

and that one that puts individuals at the greater risk I would But I will stop here to give no thanks Simona. But this is very very important because I mean there is not even harmonization across the different pieces of U law when they confer power

Speaker A

to these authorities you know like even there are different approaches to that. So even if that would be a first starting point from the top but I would say that from EU law perspective that's why where the problem

Speaker A

lies because of how EU legal system operates right there is the national procedial autonomy and that is a big important barrier um to the EU competence on legislating on procedures on administrative procedures as such. So I think the root cause of that is the

Speaker A

super national nature of the illegal system in which we have the rules uh emerge and subsidiarity but we're not going to talk about that. Um I don't know whether you want to say something about design enforcement since we talk about also uh

Speaker A

capacity building whether the independence you know like from also your perspective you want to say something. um not necessarily on the independence, right? But uh I I do want to address a bit the idea of having uh citizens I

Speaker A

mean the discussion about citizens and enforcement models in general because I think it's also um related in a way to capacity building but in the other sense is to AI literacy or digital literacy in general because to be able for um

Speaker A

authorities to make decisions on uh right respecting decisions then you need also the other the counterparts or like the citizen business and individual affective individuals to also know their rights. So that's also something that I think maybe it's part of the equation um

Speaker A

that has been discussed in the omnivous of course but should maybe get more relevance of course u uh just as part of the whole discussion on designing enforcement mechanisms. Um of course yeah thank you and maybe maybe you know

Speaker A

like moving to the question about also about who is the focus of protection and know whether Luba should actually want to say something from the perspective of the DSA. So was supposed to because the DS has introduced some remedies also

Speaker A

that were not there before in the previous legal framework with the e-commerce directly was pretty much not in there you know so it's also interesting to reflect maybe who sees the address of protection when it comes for instance under the framework of the

Speaker A

DSA considering the new remedies that have been introduced already I mean now it's been some years and maybe also you can deal with the question about the fitness check and enforcement to see you know like whether something's going to

Speaker A

change. Sure on the users I'd say that DSA is very strong of course because you know for the rights that that they have toward the intermediaries that's one thing but also for example when it comes to uh the risk mitigation risk

Speaker A

assessment by the uh by the virtualiz platform and search engines there's for example a clear requirement to when devising the mitigation measures to discuss the things with those that are to be affected by it which means to use

Speaker A

a group for example. So that's that's clearly there. Whenever there are guidelines we are issuing you know there is a consultation where know we give opportunity to consumer groups to comment on that. It is true that there is no dedicated uh complaint mechanism

Speaker A

to complain to the commission. It is not true that you can't complain to the commission but it's a very general you know uh thing. uh but we do get complaints but the DSA because how it's how it's tech and you know how it is

Speaker A

envisaged how many users are affected by the DSA and have interest there that you know the process is streamlined via digital services coordinators this is this is a design feature of the DSA so there is not a dedicated uh route to to

Speaker A

directly complaint commission when it comes to uh fitness well these processes are happening and always and especially from part I'm not familiar with other legislation how this function but in our perspective the user is really a center of this you know the uh the DSA was

Speaker A

designed with the user in mind and to protect the users not only like special types of user as protection of of miners would do but also like uh just the users in general and it goes from both I would

Speaker A

say both sides because you know sometimes we are accused that by seemingly protecting users you are infringing on other users rights for example, freedom of speech, but you know the the user perspective is there from both sides. So it's no protection of

Speaker A

general well-being for example but also there's a limit on how much the the platforms are required to mitigate uh or even like allowed to mitigate uh the risks. So for example the protection of fundamental rights of the users are

Speaker A

special limit right so you can't you know like overbearingly try to impose some kind of restrictions on other users because you are protecting some so this focus is very much that yeah then thank you so much for that and

Speaker A

continuing time and if we want to collect other questions I think there are at least two questions for Bianca as well one was maybe more on the you know the explanation of our abusive request you know like in the omnibus And the

Speaker A

other one was about maybe also you can deal with the question about how much the omnibus is becoming not a question of simplification really but it's more like adding a little bit of more complexity to the big picture

Speaker A

of course. Um, so on the data subject access request um, uh, question, I mean, it's it's very interesting research uh, by the sounds of it and you're probably much more of an expert than I am. Um but I'll I'll refer to the EDP EDPS joint

Speaker A

guidance on the the digital omnibus again because what they suggest as a sort of way forward um is that is essentially to link this notion of abusive uh uh request to the existence of an abusive intention on the basis of

Speaker A

objective elements. Um so and and this should be like intent to cause harm to the controller. I'm not, you know, I'm I'm very skeptical of uh sort of an analysis by a DPA of the intention of a data subject or something like this. And

Speaker A

so I think, you know, on the basis of objective elements like this addition is very crucial. Um and and in general, I would be, you know, very very skeptical of questions that are essentially, you know, along the lines of well, why are

Speaker A

you exercising this right? um you know so and I think the the the this joint opinion does go into uh into some interesting uh detail around that and also some recommendations for a way forward because I think you know the

Speaker A

digital omnibus it is going to happen and so what are some of the ways forward on on uh these issues and then the second question was about the omnibus is not very much about simplification become the way to justify making things

Speaker A

more complicated I mean I I don't know if things will be more complicated but I think there's probably a likelihood that they will be equally complicated because I mean law is law and so this is just a little bit

Speaker A

the process. So for example even if the personal data definition does change there will be a whole new process of guidance of consultations of case law of Jewish prudence at member state and EU levels you know so so the the discussion

Speaker A

will continue even under this new definition. Um what though may be an impact in the meantime is is really a narrowing of the scope and a and a lowering of the standard of protection of individuals.

Speaker A

Right. Thank you so much for these inputs. Uh now we'll start since we have a little bit more than 10 minutes a second round of questions if there are.

Speaker A

I think there was one there. Um there any other questions? No, I see just one maybe or there is another one there. Okay. So, okay.

Speaker A

Thanks very much. Um Oliver Marsh from Algorithm Watch. Um I want to pick up on Angelica's point about capacity building which I also agree is super important and for advocacy organizations and policy organizations external the ability to support you all externally is

Speaker A

super important. I've mostly worked in the DSA and I think we can say that there's a lot of intention to involve external stakeholders and we've seen it in um the recital 90 that Lubos mentions but I think we've also seen in practice

Speaker A

there are enormous challenges forget about whether the platforms are engaging but with being able to engage fully with regulators because of issues of things like confidentiality process um the how much we can be deeply involved so just for the whole panel although Angelica

Speaker A

raised it I'd be interested to know how we balance the ability to do external capacity building give information know what information you're missing in enough detail to provide it and not kind of give kind of broad support. How can

Speaker A

we balance the issues you have about confidentiality and external engagement with our ability to give you the targeted interventions and support that you might benefit from?

Speaker A

Thank you so much. There is another question if I'm not wrong right there. Okay. Thank you.

Speaker A

Thank you. Um it's my name is Oral Linsky from UCL faculty of laws. Um I have two questions. The first is how the panel see the relationship between kind of private enforcement um and some maybe some of the opportunities and challenges

Speaker A

of having private enforcement run alongside this fairly complex public enforcement um structure. And the second question is about how we measure effectiveness or what is good in this area. Um, you know, we've obviously over the last years had a lot of conversation

Speaker A

about whether that's the metric is fines, the number of fines imposed, whether it's, you know, some people say if we're imposing fines, we've already failed. It should be about regulatory conversations.

Speaker A

Um, so, you know, should we be thinking about this on an instrument by instrument basis or, you know, any thoughts on on the metric of what good looks like?

Speaker A

Any other questions? I should know I don't want to say last call but is there any other question okay so I think we can answer I think there is a lot to say already you know like maybe we can start with the one on

Speaker A

capacity building and all the questions about how much we can interact and engage you know when it things get serious you know like and uh Angelica I don't know whether you want to say something about that um I want two two brief comments but I

Speaker A

think that that question is is better exemplified in the DSA where there's already experience when engaging external stakeholders. So that's basically um it's too early on to say for example for the AI to engage with external stakeholders but uh what what

Speaker A

what would that look like in general but uh for example at the level of the different networks which are more about and knowled exchange and expertise I mean we they engage I mean the the the chairs engage with a lot of with

Speaker A

different NGOs's for example I for I know for a fact like algorithmic audit and a lot of the NGOs's work in that space about auditing AI systems because that speaks a lot about uh you know uh testing assessment and things that you

Speaker A

know are very technical and that supervisor authorities need to understand better. So u there's been that exchange and so um yeah so that happens uh but it's too early to know more in structurally how that would look like for national supervisory

Speaker A

authorities is already working in yeah on the day-to-day under that implementation uh but on that um and and saying because it's early on I would also try to um talk about article 77 on the Act and implementation which is

Speaker A

between uh you know fundamental rights authority and market surveillance authorities and like how they connect with each other and what they need to learn to be able to for example assess a case about some something that happened or went wrong with an AI system and and

Speaker A

and then you'll see that only we are now trying to understand what type of information is needed and engaging with those perhaps other stakeholders that we can qualify as others um or external in a way um so it's like little by little

Speaker A

and this is very early on um so just to to give you an idea of like how we manage step by uh but now to lublish please thank you and yeah it was already mentioned that there's a lot of

Speaker A

engagement that we're doing also you know this is a process where even you know we are figuring out like what is exact you know data for example we need or form that so we and we've heard that criticism from from the outside of time

Speaker A

that we are not clear about you know what we are asking but you know it took some time to figure that out but I think we're getting there so that's that's one thing. The other is yes there we are

Speaker A

constantly trying to figure out mechanisms how we can support uh you know NGO CSO that that are working in the area and can support us with uh monitoring there's also this part of the DSA that is about transparency I haven't

Speaker A

mentioned it yet but this is very strong part of the DSA that you know the access to data for example so we are also you know because we understand that sometimes it's not working and supposed to so there are also cases open again

Speaker A

the platform that are you know not not doing uh uh the job that they are required to under the USA. So there are different strains where we are doing that also we need to be conscious about I think that you know all sometimes

Speaker A

there is such a thing as too much data for example. So we need to be really careful what we are looking for and for that you need metrics of course for that we need external help you know with

Speaker A

researchers to help us to to come up with those things that we are actually looking for and this I think you know would apply really horizontally to whenever you are trying to figure out whether something is efficient. Now it

Speaker A

also helps that we have audits under our DSA and this is very important because one thing is to have metrics. The other is that you can actually uh believe what you're getting right you have a verified data and for that the audits are

Speaker A

actually great help because you know before that whatever the platform sent you you just you know took that as a as a given and you know couldn't question it in any way.

Speaker A

Thank you. just just to add on the on the capacity building question because I think it's it's a really great question and super important um and and looking at what we you know what what is needed you know I

Speaker A

think maybe I can share a couple of examples of you know what we do with FPF which is a lot of multistakeholder engagement where we we really believe that obviously DPA should be part of uh fora in which they can you know

Speaker A

cooperate with uh other regulators and other authorities but also you different opportunities to also hear from different stakeholders like civil society, industry, academia and kind of having them in the same room as as everybody else and and uh being able to

Speaker A

to discuss that way. Um foreseeing also what DPAs are concerned about um you know for us such as the global privacy assembly is is really interesting particularly the open sessions which are are accessible and and this year the GPA

Speaker A

will actually be in Brussels. So that's also much closer uh for for a lot of people and also looking at um DPA strategic reports which actually you know my colleague Andre in the audience uh really analyzes some of these uh you

Speaker A

know strategic outlooks for the next uh year or two years or or or maybe longer because that always gives an indication not just of regulatory focus but also of course where where input could actually be really useful.

Speaker A

Thank you. Thank you so much also for this inputs. We have five minutes and two very important questions.

Speaker A

Relationship between public and private enforcement and how we measure effectiveness of enforcement. Okay, we have five minutes. We can do that. Who wants to start? Simona, please. I would like to take this question and thank you so much Arla for raising those questions

Speaker A

because they are very important and very stimulating for me to think also for the handbook as an editor because uh indeed uh it's something to be to be to be thought of. I will take them in in the

Speaker A

reverse order. The enforcement metric for me it's something um that would come down to the quality of the law the quality of the procedures. So when you think about the requirement of perceivability of the law, so the individuals or the regulated companies

Speaker A

or whoever that is subject of the rules is to be aware of where they can turn to to to exercise their rights to enforce their rights uh or to question perhaps decisions adopted by different regulators that may concern them. So

Speaker A

that kind of for civility talks about the quality of procedures that are behind the architecture of enforcement and that would be a metric to be used here. Uh and the second element of this metric would be uh also

Speaker A

the legitimacy of uh of the regulators that are then uh brought into the picture and here um it comes down to the to the independence guarantee for instance. So, so you as a as an individual or as a regulated company

Speaker A

should know so should be able to be aware of the procedures and who you can turn to and then if you turn to that uh enforcer you should be able to trust that the expertise that is exercised by

Speaker A

those authorities is uh legitimate in the sense uh that if there is a conflict of competences between two regulators you know whose word should prevail and why uh in certain circumstances and this is down also to the to the operation the

Speaker A

cooperation mechanisms and when it comes to the private and public uh enforcement mechanisms here it's something that we also work together with Javanni on uh in our article on on remedies uh if you think for instance the complimentarity

Speaker A

between uh direct complaint mechanisms that exist under the DSA uh where individuals can bring claims directly between uh to the uh platforms for instance you You may think well the platforms may be better equipped they may have better expertise to address

Speaker A

those claims of course than than courts or independent supervisors that are outside of the of the company itself but then of course they may also have their own interests that they wish to protect.

Speaker A

They may adopt automated mechanisms to address those claims. So there is a certain complimentarity in in reducing burden on independent uh regulators on the courts especially when we think about amount of claims that are possibly uh emerging in this field. But of course

Speaker A

with checks and balances they should be uh when it comes to well the private enforcement should also be subject to uh checks and balances of public enforcement let's say uh in a that's my perspective as a public public law

Speaker A

school. Okay, I will give it. Thank you so much. We have one minute la left left, so we don't have time for other questions as you can see. I don't know whether is then any final remark.

Speaker A

Oh, this is on me actually. Yes. Okay, it's on me. Okay, fair enough. Okay, thank you so much. I wanted just to thanks all the speakers here. This has been a a great uh I mean overview of the

Speaker A

problems. Of course, you really you know like just uh this is just the beginning because as you can see this is a topic that we need to discuss more rather than always being obsessed about uh things connected to how we interpret the two

Speaker A

legal frameworks together. Enforcement is really important especially when it comes to the delivery you know in terms of comes also to the protection at the end of the people you know and the citizens to which enforcement is you

Speaker A

know of course is directed so and of course you know like a brief note to thanks all the audience for this question to stay with us so late you know like because I mean it's late compared after a long day this is the

Speaker A

second day already and of course thank you so much for being here with us and I mean we'll see you soon in the next days thank you thank

Topics:digital regulationEU lawenforcement challengesdigital omnibusDSAGDPRAI Actregulatory cooperationconstitutional principlesdigital governance

Frequently Asked Questions

What are the main enforcement challenges discussed in the video?

The panel highlights challenges such as fragmented legislation, overlapping jurisdictions, cooperation difficulties between EU and member states, and procedural complexity that affect the enforcement of EU digital regulation.

How does the digital omnibus law impact enforcement of digital regulations?

The digital omnibus aims to reduce legal uncertainty for companies but does not fully resolve enforcement difficulties, especially regarding regulator coordination and accountability.

Why is regulator independence important in the context of EU digital regulation enforcement?

Independence is fundamental to ensure that regulators can enforce rules impartially and effectively, maintaining legitimacy and public trust in the enforcement system.

Get More with the Söz AI App

Transcribe recordings, audio files, and YouTube videos — with AI summaries, speaker detection, and unlimited transcriptions.

App Store Google Play

Or transcribe another YouTube video here →