Legal Tech News Review Week 28 August 4 October 2020, by Eleni Kozari

EU Commission’s envision of a European Digital Identity

Constituting part of Commission’s presentation to the Council Telecommunications and Information Society Working Party, the Commission expressed its vision to develop an EU-wide electronic identification framework, aiming to ensure a ‘trusted and secure’ form of online identification for use in both public and private services.

Acknowledging the criticality of digital identification to the operation of both public and private services, including social media platforms, which according to the Commission lack sufficient security for online identification, the Commission advocates for the adoption of a EU-wide framework. Although the eIDAS Regulation (Regulation (EU) No 910/2014) formulates the basis for national digital identification schemes and trust services, further harmonization and development of a more resilient market for electronic identification systems is sought.

Hence, the Commission presented its envision of a ‘universally available and usable’ framework that can be employed by both public and private service providers in all transactions mandating identification. In addition, such a framework should ensure that EU individuals retain control over their digital identity and their data, facilitating at the same time their access to cross-border digital services. To this end, challenges such as  cross-border use of eID schemes, currently, only to the public services and the limited public sector digitalization of Member States, should be addressed.

Finally, the Commission’s vision has been adopted from the EU Council, in its meeting held on 1 and 2 October, and the Commission has been invited to provide a proposal for a ‘European Digital Identification’ initiative by mid-2021 (see below).

See more here


EU Council’s Conclusions on Digital Matters


On 2nd of October 2020, the General Secretariat of the EU Council published the conclusions adopted by the European Council on the meeting held on 1 and 2 October. Inter alia, the conclusions cover policy-making executive plans on digital matters.

Acknowledging the mandate of an overall EU recovery from the effects of COVID-19, the Council stressed the need to reinforce digital transformation, which constitutes one of the pillars for such a recovery (note: the other is green transition). Such a fostering, though, should be accompanied with initiatives for the growth of Single Market. For instance, an updated EU competition framework with clear rules on economic operators and digital sector innovation is mandated. To this end, the adoption of rules on the role and responsibilities of online networks with significant network effects should be examined.

In order to foster EU’s resilience and mitigate strategic dependencies, the Council has concluded that the development of new industrial alliances on microprocessors, secure telecommunications networks, industrial clouds and platforms should be pursued. In addition, EU digital sovereignty is crucial and requires a sound and truly digital Single Market, including fostering the European development of infrastructure and capacities in strategic digital value chains. Those range from supercomputers, quantum computing, high capacity and secure network infrastructure to microprocessors respectively. Accordingly, the Council welcomed the concept of an EU federated cloud infrastructure that ensures the storage and processing of European Data in the EU.

The conclusions also specifically refer to the funding of SMEs, under the Recovery and Resilience Facility, aiming to encourage digital transition. However, the Council highlighted that any digital development initiative should safeguard European values and rights, such as data protection and privacy.

Finally, the EU Council endorsed the concept of creating common European data spaces in strategic sectors and the pooling of high-quality data for the establishment of a truly competitive data economy within the EU.

See more here


EU Commission data transfer mechanism to be ready by Christmas


The Executive Vice President of the EU Commission, Margrethe Vestager, has announced that a data transfer mechanism, enabling the transfer of European data around the world, will be ready by Christmas.

The announcement comes to ease the concerns and the legal uncertainty that has arisen since the CJEU’s ruling on Schrems II case, leading to the invalidation of Privacy Shield. Although the Court’s decision upheld the legality of Standard Contractual Clauses (SCC), as a valid data transfer mechanism, it also mandated national Data Protection Authorities to prohibit or suspend data transfers outside EU, even if performed upon SCC, in case sufficient data protection safeguards are not provided in the third country.

Hence, many entities have currently restrained or suspended data transfers to third countries, in particular to the US, due to the legal risks.

See more here


Belgian DPA refers to the CJEU for a case involving Facebook


The Belgian DPA has referred to the CJEU seeking to take action against Facebook for tracking users in Belgium through cookies, stored in Facebook’s social plug-ins. The tracked users did not necessarily have account to the company’s social media platform.

The Belgian DPA referred to the Court due to Facebook’s claim about lack of territorial competence of the DPA. According to the company, in the light of ‘one-stop-shop’ mechanism of the GDPR, in cross-border privacy issues the lead supervisory authority (Irish DPA hereto) is the only competent authority for the enforcement of GDPR provisions.

Beyond the ‘one-stop-shop’ mechanism, GDPR equips national DPAs with competence in case where data protection violations are limited to a specific country. In this case, the CJEU should address the issue whether the ‘one-stop-shop’ mechanism is exhaustive or national DPAs are also able to enforce it by bringing court proceedings before national courts.

In addition, the CJEU should clarify the issue of GDPR’s applicability since the latter came into force in 2018 while the case dates back to 2015.

See more here


Human Rights advocacy groups express concerns over Russian facial recognition systems


Russia has announced the countrywide expansion of facial recognition technology by installing CCTV cameras, equipped with such technology, in public spaces and entrances of buildings. The purpose of this expansion is the protection of public safety and, at first hand, it will concern ten pilot cities.

As a response, many human rights groups have rigorously criticized the forthcoming expansion, giving rise to privacy and human rights-related concerns and implications, including a potential ‘chilling effect’ on protesters. According to the groups, such concerns escalate given the increased powers of law enforcement agencies. Pursuant to national security laws, the latter may be granted access to any data requested for public safety purposes.

To this end, Russian’s surveillance practices enabled via the use of technology, as are already performed in Moscow, have been challenged before the European Court of Human Rights. In addition, claims about breaches of personal data, that was collected through facial recognition cameras and ended up being sold in the dark web, have also emerged.

See more here