EU

Poland fails to appoint DSA regulator after EU deadline

A year after the EU’s legal deadline, Poland has yet to designate a national regulator to help the European Commission enforce the Digital Services Act (DSA), which governs online platforms. The country risks being referred to the EU courts for non-compliance, becoming the only member state not to have appointed a regulator. The European Commission initiated an infringement procedure in late 2023, urging Poland to meet the requirements.

Poland was also warned for not establishing penalty rules under the DSA. While Belgium has named its telecom regulator as the country’s DSA coordinator, Poland has not made such appointments, although the Ministry for Digitalization stated that it is ‘working on’ implementing the regulation. The process is still ongoing, with no clear timeline for completion.

The DSA, aimed at curbing illegal content online, required EU member states to designate national regulators by February 2024. These Digital Services Coordinators (DSCs) are meant to oversee the implementation of the rules and support the European Commission in monitoring compliance. Poland’s delay, along with Spain and the Netherlands, has led to formal notices from the Commission, which could take further legal action if the issues are not resolved soon.

For more information on these topics, visit diplomacy.edu.

EU’s Ribera criticises Trump’s disruption of transatlantic relations

The EU’s competition chief, Teresa Ribera, has criticised US President Donald Trump for disrupting the ‘trustful relationship’ between Europe and the United States, highlighting the unpredictability and instability of Washington’s actions. In an interview with Reuters, Ribera stated that while Europe must engage in negotiations with the White House on trade issues, it should not be pressured into changing laws that have already been passed. She emphasised that Europe must remain firm on its principles, including human rights, democracy, and the unity of the continent, despite Trump’s transactional political approach.

Ribera also responded to criticism from Trump and his government, who have labelled EU regulations on US tech companies as a form of taxation. She dismissed these claims, stressing that Europe’s legal framework aims to ensure stability and predictability for businesses. In contrast, she expressed concern over the uncertainty created by the White House’s frequent policy shifts, particularly with regard to tariffs on steel, aluminium, and other sectors. The EU has vowed to respond firmly to any tariff increases imposed by Trump.

In addition, Ribera revealed that the European Commission would soon decide whether tech giants Apple and Meta Platforms have complied with the EU’s Digital Markets Act. Both companies face potential fines if found in breach of the regulations, which are designed to curb their market dominance. Ribera also confirmed that investigations into Elon Musk’s social media platform X would continue, disregarding Musk’s ties to the US administration.

As tensions between Washington and Brussels continue to rise, Ribera reiterated that businesses seek a stable and predictable legal environment, something she feels is increasingly lacking in the US under Trump’s leadership. The EU remains committed to enforcing its regulations and protecting its values despite external pressures.

For more information on these topics, visit diplomacy.edu.

EU denies US influence over AI regulation rollback

The European Union has dismissed claims that recent decisions to scale back planned AI regulations were influenced by pressure from the US Trump administration. The bloc recently scrapped the AI Liability Directive, a draft law intended to make it easier for consumers to sue over AI-related harms. EU digital chief Henna Virkkunen stated that the move was driven by a desire to enhance competitiveness by reducing bureaucracy and regulatory burdens.

Washington has encouraged a more lenient approach to AI rules, with US Vice President JD Vance urging European lawmakers to embrace the ”AI opportunity” during a speech in Paris.

The timing of the European Commission‘s 2025 work programme release—one day after Vance’s remarks—has fuelled speculation about US influence over the bloc’s regulatory decisions. However, the EU insists that its focus remains on fostering regional AI development rather than bowing to external pressure.

The upcoming AI code of practice will align reporting requirements with existing AI legislation, ensuring a streamlined regulatory framework. The Commission’s work programme emphasises a ”bolder, simpler, faste” approach, aiming to accelerate AI adoption across Europe while maintaining regulatory oversight.

For more information on these topics, visit diplomacy.edu.

Meta opens Facebook Marketplace to rivals after EU antitrust fine

Meta has announced a new programme allowing rival classified ad providers to list their adverts on Facebook Marketplace, following a €797 million EU antitrust fine for unfair competition.

The European Commission ruled in November that Meta had given its own service an unfair advantage by tying Marketplace to Facebook and imposing restrictive trading conditions on competitors.

The company has challenged the fine in court but says the new initiative, called the Facebook Marketplace Partner Program, is a response to EU competition concerns.

The programme was tested last month in Germany, France, and the United States in partnership with eBay. Under the scheme, third-party online classified ad services can display their listings on Facebook Marketplace alongside user-generated listings.

Meta maintains that the EU’s decision unfairly targets US companies, with CEO Mark Zuckerberg previously describing EU actions as akin to a “tariff regime.”

The European Commission is now reviewing whether Meta has fully complied with the ruling. If found lacking, the company could face further scrutiny and potential penalties. The move marks a significant shift in how Marketplace operates, potentially reshaping competition in the online classified ads sector.

For more information on these topics, visit diplomacy.edu.

EU scraps tech patent, AI liability, and messaging privacy rules

The European Commission has abandoned proposed regulations on technology patents, AI liability, and privacy rules for messaging apps, citing a lack of foreseeable agreement among EU lawmakers and member states. The draft rules faced strong opposition from industry groups and major technology firms. A proposed regulation on standard essential patents, designed to streamline licensing disputes for telecom and smart device technologies, was scrapped after opposition from patent holders like Nokia and Ericsson. Car manufacturers and tech giants such as Apple and Google had pushed for reforms to reduce royalty costs.

A proposal that would have allowed consumers to sue AI developers for harm caused by their technology was also withdrawn. The AI Liability Directive, first introduced in 2022, aimed to hold providers accountable for failures in AI systems. Legal experts say the move does not indicate a shift in the EU’s approach to AI regulation, as several laws already govern the sector. Meanwhile, plans to extend telecom privacy rules to platforms like WhatsApp and Skype have been dropped. The proposal, first introduced in 2017, had been stalled due to disagreements over tracking cookies and child protection measures.

The decision has drawn mixed reactions from industry groups. Nokia welcomed the withdrawal of patent rules, arguing they would have discouraged European investment in research and development. The Fair Standards Alliance, representing firms such as BMW, Tesla, and Google, expressed disappointment, warning that the decision undermines fair patent licensing. The Commission has stated it will reassess the need for revised proposals but has not provided a timeline for future regulatory efforts.

For more information on these topics, visit diplomacy.edu.

EU regulators to discuss DeepSeek over data privacy concerns

European data protection authorities are set to discuss Chinese AI startup DeepSeek amid growing concerns about how the company handles personal data. The European Data Protection Board will review the firm’s practices at its monthly meeting on Tuesday, following questions from several national regulators about whether European user data is being used for AI training and if it could be transferred to China.

France‘s privacy watchdog, CNIL, has already questioned DeepSeek about its AI model and any potential risks to user privacy. Ireland‘s data protection authority has also requested information, while Italy has taken a more drastic step by ordering DeepSeek to block its chatbot in the country due to unresolved concerns over its privacy policy.

The European Union is known for its strict data protection laws, with the General Data Protection Regulation (GDPR) considered one of the most comprehensive privacy frameworks globally. Authorities are now working to coordinate their approach to ensure a consistent response to DeepSeek’s activities across the region.

Macron calls for investment and simplified AI rules

At the AI summit in Paris, French President Emmanuel Macron announced that Europe would reduce regulations to foster the growth of AI in the region. He called for more investment, particularly in France, and highlighted the importance of simplifying rules to stay competitive globally. Macron drew comparisons to the rapid reconstruction of the Notre-Dame cathedral, stating that a similar streamlined approach would be adopted for AI and data centre projects across Europe.

European Union digital chief Henna Virkkunen echoed Macron’s comments, promising to cut red tape and implement business-friendly policies. With the US pushing ahead with lighter AI regulations, there is increasing pressure on Europe to follow suit. Sundar Pichai, CEO of Alphabet, emphasised the need for more ecosystems of AI innovation, similar to the one emerging in France. The EU had previously passed the AI Act, which is the world’s first comprehensive set of AI regulations, but many at the summit urged a more flexible approach.

At the summit, France announced a major push for AI investment, including €109 billion from the private sector, and the launch of the Current AI partnership. This initiative, backed by countries like France and Germany, aims to ensure AI remains inclusive and sustainable. However, not all voices at the summit supported reducing regulations. Concerns were raised about the potential risks of weakening safeguards, particularly for workers whose jobs might be affected by AI advancements.

For more information on these topics, visit diplomacy.edu.

Data Protection Day 2025: A new mandate for data protection

This analysis will be a detailed summary of Data Protection Day, providing the most relevant aspects from each session. The event welcomed people to Brussels, as well as virtually, to celebrate Data Protection Day 2025 together.

Filled with a tight schedule, the event programme kicked off with opening remarks by the Secretary General of the European Data Protection Supervisor (EDPS), followed by a day of panels, speeches and side sessions from the brightest of minds in the data protection field.

Keynote speech by Leonardo Cervera Navas

Given the recent political turmoil in the EU, specifically the repealing of the Romanian elections a few months ago, it was no surprise that the first keynote speech addressed how algorithms are used to destabilise democracies and threaten them. Navas explained how third-country algorithms are used against EU democracies to target their values.

He then went on to discuss how there is a big power imbalance when certain wealthy people with their companies dominate the tech world and end up violating our privacy. However, he turned towards a hopeful future when he spoke about how the crisis in Europe is making us Europeans stronger. ‘Our values are what unite us, and part of them are the data protection values the EDPB strongly upholds’, he emphasised.

He acknowledged the evident overlap of rules and regulations between different legal instruments but also highlighted the creation of tools that can help uphold our privacy, such as the Digital Clearing House 2.0.

Organiser’s panel moderated by Kait Bolongaro

This panel discussed a wide variety of data protection topics, such as the developments on the ground, how international cooperation played a role in the fight against privacy violations, and what each panellist’s priorities were for the upcoming years. That last question was especially interesting to hear given the professional affiliations of each panellist.

What is interesting about these panels, is the fact that the organisers spent a lot of time curating a diverse panel. They had people from academia, private industry, public bodies, and even the EDPS. This ensures that a panel’s topic is discussed from more than one point of view, which is much more engaging.

Wojciech Wiewiorowski, the current European Data Protection Supervisor, reminded us of the important role that data protection authorities (DPAs) play in the effective enforcement of the GDPR. Matthias Kloth, Head of Digital Governance and Sport, CoE, showed us a broader perspective. As his work surrounds the evolved Convention 108, now known as Convention 108+, he shed some light on the advancements of updating and bringing past laws into today’s modern age.

Regarding international cooperation, each panellist had their own unique take on how to facilitate and streamline it. Wiewiorowski correctly stated that data has no borders and that cooperation with everyone is needed, as a global effort. However, he reminded, that in the age of cooperation, we cannot have a low level of protection by following the ‘lowest common denominator level of protection’.

Jo Pierson, Professor at the Vrije University Brussels and the Hasselt University, said that international cooperation is very challenging. He gave the example that country’s values may change overnight, giving the example of Trump’s recent re-election victory.

Audience questions

A member of the audience posed a very relevant question regarding the legal field as a whole.
He asked the panellists what they thought of the fact that enforcing one’s rights is a difficult and
costly process. To provide context, he explained how a person must be legally literate and bear their own costs for litigation to litigate or filing an appeal.

Wiewiorowski of the EDPS pointed out that changing the procedural rules of the GDPR is not feasible to tackle this issue. There is the option for small-scale procedural amendments, but he does not foresee the GDPR being opened up in the coming years.

However, Pierson had a more practical take on the matter and suggested that this is where individuals and civil society organisations can join forces. Individuals can approach organisations such as noyb, Privacy International, and EDRi for help or advice on the matter. But then it begs the question, on whose shoulders should this burden rest?

One last question from the audience was about the bombshell new Chinese AI ‘DeepSeek’ recently dropped onto the market. The panellists were asked whether this new AI is an enemy or a friend to us Europeans. Each panellist avoided calling Chinese AI an enemy or a friend, but they did find common ground on the fact that we need international cooperation and that an open-source AI is not a bad thing if it can be trained by Europeans.

The last remark regarding this panel was Wiewiorowski’s comment on Chinese AI and how he compared it to ‘Sputnik Day’ (the 1950s space race between the United States and the USSR). Are we in a new technological gap? Will non-Western allies and foes beat us in this digital arms race?

Data protection in a changing world: What lies ahead? Moderated by Anna Buchta

This session also had a series of interesting questions for high-profile panellists. The range of this panel was impressive as it regrouped opinions from the European Commission, the Polish Minister of Digital Affairs, the European Parliament, the UK’s Information Commissioner, and DIGITALEUROPE.

Notably, Marina Kaljurand from LIBE and her passion for cyber matters. She revealed that many people in the European Parliament are not tech literate. On the other hand, some people are extremely well-versed in how the technology is used. There seems to be a big information asymmetry within the European Parliament that needs to be addressed if they are to vote on digital regulations.

She gave an important overview of the state of data transfers with the UK and the USA. The UK has in place an adequacy decision that has raised multiple flags in the European Parliament and is set to expire in June 2025.

The future of data transfer in the UK is very uncertain. As for the USA, she mentioned that there will be difficult times due to the actions of the recently re-elected President Trump that are degrading US-EU relations. Regarding her views on the child sexual abuse material regulation, she stresses how important it is to protect children and that the debate is not about whether or not to protect them or not, but that it is difficult to find out ‘how’ to protect them.

The current proposed regulations will put too much stress on violating one’s privacy, but on the other hand, it is difficult to find alternatives to protect children. This reflects how difficult regulating can be even when everyone at the table may have the same goals.

Irena Moozova, the Deputy Director-General of DG JUST at the European Commission, said that her priorities for the upcoming years are to cut red tape, simplify guidelines for businesses to work and support business compliance efforts for small and medium-sized enterprises. She mentions the public consultation phases that will be held for the upcoming Digital Fairness Act this summer.

John Edwards, the UK Information Commissioner, highlighted the transformative impact of emerging technologies, particularly Chinese AI, and how disruptive innovations can rapidly reshape markets. He discussed the ICO’s evolving strategies, noting their alignment with ideas shared by other experts. The organisation’s focus for the next two years includes key areas such as AI’s role in biometrics and tracking, as well as safeguarding children’s privacy. To address these priorities, the ICO has published an online tracking strategy and conducted research on children’s data privacy, including the development of systems tailored to protect young users.

Alberto Di Felice, Legal Counsel to DIGITALEUROPE, stressed the importance of simplifying regulations. He repeatedly stated numerous times that there is too much bureaucracy and too many actors involved in regulation. For example, if a company wants to operate in the EU market, they will have to consult DPAs, AI Act authority, data from the public sector (Data Governance Act), manufacturers or digital products (authorities for this), and financial sector authorities.

He advocated for a single regulator. He also mentioned how the quality of regulation in Europe
is poor and that sometimes regulations are too long. For example, some AI Act articles are 17 lines long with exceptions and sub-exceptions that lawyers cannot even make sense of. He suggested reforms such as having one regulator and proposing changes to streamline legal compliance.

Keynote speech by Beatriz de Anchorena on global data protection

Beatriz de Anchorena, Head of Argentina’s DPA and current Chair of the Convention 108+ Committee, delivered a compelling address on the importance of global collaboration in data protection. Representing a non-European perspective, she emphasised Argentina’s unique contribution to the Council of Europe (CoE).

Argentina was the first country outside Europe to receive an EU adequacy decision, which has since been renewed. Despite having data protection laws originating in the 2000s, Argentina remains a leader in promoting modernised frameworks.

Anchorena highlighted Argentina’s role as the 23rd state to ratify the Convention 108+, noting that only seven more countries need to ratify it to come into force fully. She advocated Convention 108+ as a global standard for data protection, capable of upgrading current data protection standards without demanding complete homogeneity. Instead, it offers a common ground for nations to align on privacy matters.

What’s on your mind: Neuroscience and data protection moderated by Ella Mein

Marcello Ienca, a Professor of Ethics of AI and Neuroscience at the University of Munich, gave everyone in the audience a breakdown of how data and neuroscience intersect and the real-world implications for people’s privacy.

The brain, often described as the largest data repository in the world, presents a vast opportunity for exploration and AI is acting as a catalyst in this process. Large-scale language models are helping researchers in decoding the brain’s ‘hardware’ and ‘software’, although the full ‘language of thought’ remains unclear and uncertain.

Neurotechnology raises real privacy and ethical concerns. For instance, the ability to biomark
conditions like schizophrenia or dementia introduces new vulnerabilities, such as the risk of
‘neuro discrimination’, where predicting one’s illness might lead to stigmatisation or unequal
treatment.

However, it is argued that understanding and predicting neurological conditions is important, as nearly every individual is expected to experience at least one neurological condition in their lifetime. As one panellist put it, ‘We cannot cure what we don’t understand, and we cannot understand what we don’t measure.’

This field also poses questions about data ownership and access. Who should have the ‘right to read brains’, and how can we ensure that access to such sensitive data, particularly emotions and memories unrelated to clinical goals, is tightly controlled? With the data economy in an ‘arms race’, there is a push to extract information directly from its source: the human brain.

As neurotechnology advances, balancing its potential benefits with safeguards will be important to ensure that innovation does not come at the cost of individual privacy and autonomy as mandated by law.

In addition to this breakdown, Jurisconsult Anna Austin explained to us the ECtHR’s legal background surrounding this. A jurisconsult plays a key role in keeping the court informed by maintaining a network that monitors relevant case law from member states and central to this discussion are questions of consent and waiver.

Current ECtHR case law states that any waiver must be unequivocal, fully informed, and fully understand its consequences, which can be challenging to meet. This high standard exists to safeguard fundamental rights, such as protection from torture and inhumane treatment and ensuring the right to a fair trial. As it stands, she stated that there is no fully comprehensive waiver mechanism.

The right to a fair trial is an absolute right that needs to be understood in this context. One nuance in this context is therapeutic necessity where forced medical interventions can be justified under strict conditions with safeguards to ensure proportionality.

Yet concerns remain regarding self-incrimination under Article 6. Particularly in scenarios where reading one’s mind could improperly compel evidence, raising questions about the abuse of such technologies.

Alessandra Pierucci from the Italian DPA made a relevant case for whether new laws should be
created for this matter or whether existing ones are sufficient. Within the context of her work, they are developing a mental privacy risk assessment.

Beyond privacy unveiling the true stakes of data protection. Moderated by Romain Robert

Nathalie Laneret, Vice President of Government Affairs and Public Policy at Criteo, presented her viewpoint on the role of AI and data protection. Addressing the balance between data protection and innovation, Laneret explained that these areas must work together.

She stressed the importance of finding a ways to use pseudonymised data and clear codes of conduct for businesses to use when pointing out that innovation is high on the European Commission’s political agenda.

Laneret addressed concerns about sensitive data, such as children’s data, highlighting Criteo’s proactive approach. With an internal ethics team, the company anticipated potential regulatory challenges around sensitive data, ensuring it stayed ahead of ethical and compliance issues.

In contrast, Max Schrems, Chair of noyb, offered a more critical perspective on data practices. He pointed out the economic disparity in the advertising model, explaining that while advertisers generate minimal revenue per user annually, they often charge users huge fees for their data. Schrems highlighted the importance of individuals having the right to freely give up their privacy if they choose, provided that consent is genuinely voluntary and given.

Forging the future: reinventing data protection? Moderated by Gabriela Zanfir-Fortuna

In this last panel, Johnny Ryan from the Irish Council for Civil Liberties painted a stark picture of
the societal challenges tied to data misuse. He described a crisis fuelled by external influence,
misunderstandings, and data being weaponised against individuals.

However, Ryan argued that the core issue is not merely the problems themselves but the fact that the EU lacks an effective and immediate response strategy. He stated the need for swift protective measures, criticising the current underuse of interim tools that could mitigate harm in real-time.

Nora Ni Loideain, a Lecturer and Director at the University of London’s Information Law and Policy Centre, discussed the impact of the GDPR on data protection enforcement. Explaining how DPAs had limited powers in the past and, for example, in events like the Cambridge Analytica scandal, she noted that the UK’s Data Protection Authority could only fine Facebook £500,000 due to a lack of resources and authority.

This is where the GDPR has allowed for DPAs to step up with independence, greater resources, and stronger enforcement capabilities, significantly improving their ability to hold companies accountable for their privacy violations.

Happy Data Protection Day 2025!

Greece to launch AI tool for personalised education

Greece‘s Ministry of Education is developing an AI-powered digital assistant aimed at helping students bridge learning gaps. Set to launch in the 2025-2026 school year, the tool will analyse student responses to exercises, identifying areas where they struggle and recommending targeted study materials. Initially focused on middle and senior high school students, it may eventually expand to lower elementary grades as well.

The AI assistant uses machine-learning algorithms to assess students’ strengths and weaknesses, tailoring study plans accordingly. Integrated with Greece’s Digital Tutoring platform, it will leverage over 15,000 interactive exercises and 7,500 educational videos. Teachers will also have access to the data, allowing them to better support their students.

Education Minister Kyriakos Pierrakakis highlighted that the project, part of the “Enhancing the Digital School” initiative, is designed to complement, not replace, traditional teaching methods. The initiative, which aims to modernise Greece’s education system, will be funded through the EU Recovery and Resilience Facility. Approval is expected in March, after which competitive bidding will begin for the project’s implementation.

For more information on these topics, visit diplomacy.edu.

EU seeks private investment for AI gigafactories

The European Union is looking to the private sector to help fund large-scale AI computing infrastructure, known as ‘AI Gigafactories,’ to support the development of advanced AI models. Speaking at the AI Action Summit in Paris, EU President Ursula von der Leyen emphasised the need for powerful computing resources to enable European startups to compete globally.

To accelerate AI adoption, the EU has pledged €50 billion in funding, adding to a €150 billion commitment from private sector companies under the EU AI Champions initiative. The goal is to mobilise €200 billion in total investment, making it the largest public-private partnership for AI development in the world.

With the US and China heavily investing in AI infrastructure, Europe is under pressure to keep pace. Von der Leyen argued that Europe’s collaborative approach to AI, focused on shared computing resources and federated data, could provide a competitive advantage. She stressed that AI Gigafactories would be accessible to researchers, startups, and industries, ensuring that Europe remains a key player in the AI race.

For more information on these topics, visit diplomacy.edu.