FPF at CPDP.ai 2024: From Data Protection to Governance of Artificial Intelligence – A Global Perspective

Drawing inspiration from the latest developments in assessing the impacts and regulation of Artificial Intelligence (AI) technologies, the Brussels-based annual Computers, Privacy and Data Protection (CPDP) conference amended its acronym. The 17^th edition became CPDP.ai for Computers, Privacy, Data Protection and Artificial Intelligence conference, taking place on 22-24 May. 

To govern or to be governed, that is the question – this year, the main theme focused on the key questions of AI governance globally, and a vibrant programme explored current digital regulatory frameworks while navigating the complexity of the interplay with topics of privacy and data protection. 

The Future of Privacy Forum (FPF) was present once again, organizing a panel on Global Approaches to AI Regulation: Towards an International Law on AI? FPF staff members also contributed to the conference as speakers in several other panels, having the opportunity to engage on key topics with a great variety of stakeholders from academia, industry, civil society, and regulatory authorities. 

The CPDP.ai organizers recorded all the sessions which are available here.

On May 23, FPF’s Policy Manager for Global Privacy, Bianca-Ioana Marcu moderated the FPF-organized panel on Global Approaches to AI Regulation: Towards an International Law on AI? Joining the conversation were Audrey Plonk, Head of Digital Economy Policy Division at the OECD, Emma Redmond, Associate General Counsel at OpenAI, Bruno Bioni, Director and Founder at Data Privacy Brasil, and Gregory Smolynec, Deputy Commissioner Policy and Promotion at the Office of the Privacy Commissioner of Canada (OPC). 

This multi-stakeholder, comparative panel explored what we can learn from regional and international approaches to AI regulation, and how these may facilitate a more global, interoperable approach to AI laws. Panelists shared key perspectives:

• Bruno Bioni noted that Brazil’s approach to AI regulation is nuanced and context-specific, considering existing asymmetric cultural and power dynamics in Brazil. As such, it incorporates a stronger rights-based approach than, for example, the EU AI Act, by including specific concepts of vulnerability and clauses on the protection of vulnerable groups.
• Commissioner Smolynec highlighted Canada’s approach to AI regulation, through a strategic plan that outlines the priorities of the OPC, including protecting privacy with maximum impact using existing laws, as well as how to address and advocate for privacy in a time of rapid technological changes, fostering a culture of privacy and privacy-by-design, and promoting innovation while at the same time leveraging it to protect fundamental rights. 
• Emma Redmond noted that regulatory alignment and the concept of global harmonization are crucial and that while each piece of regulation has its place and purpose, areas of commonality have to be found. 
• Audrey Plonk added that in order to talk about coherent approaches to AI regulation across countries and regions, we have to start with agreeing on definitions and terminology, such as the OECD’s definition of an AI system which can now be found in different regional AI laws. 

The panel recording can be found here. 

Photo description: Panel titled Global Approaches to AI Regulation: Towards an International Law on AI? (May 23, CPDP.ai)

On May 22, Andreea Șerban, FPF’s Global Privacy and AI Analyst, contributed to a panel titled Fundamental Rights Protection and Artificial Intelligence, organized by Encrypt, a project dedicated to creating a GDPR-friendly, privacy-preserving framework for big data processing. Speakers included Marco Bassini, Assistant Professor at Tilburg Law School, Simona Demková, Assistant professor at Universiteit Leiden, Michèle Finck, Professor of Law and Artificial Intelligence at the University of Tübingen, Andreea Șerban from Future of Privacy Forum, and Giovanni de Gregorio, PLMJ Chair in Law and Technology at Católica Global School of Law who moderated the panel. 

The discussions focused on the procedural safeguards for AI-driven decision-making as the key approach to safeguarding fundamental rights protection, the role of the Fundamental Rights Impact Assessments under the EU AI Act, and lessons learned from the GDPR experience that could be leveraged for the implementation of the AI Act further exploring the interplay between the GDPR and the AI Act from a global perspective.

The panel recording can be found here. 

Photo description: Panel titled Fundamental Rights Protection and Artificial Intelligence (May 22, CPDP.ai)

On May 23, Christina Michelakaki, Policy Counsel for Global Privacy at FPF  was part of the panel organized by the Centre for IT & IP Law (CiTiP) at KU Leuven, titled Transforming GDPR into a Risk-Based Harm Tool Alongside Specific AI Regulation. Meeting Separate but Complementary Needs, together with Felix Bieker, Legal Researcher at Unabhängiges Landeszentrum für Datenschutz, Nadya Purtova, Professor of Law, Innovation, and Technology at Utrecht University, and moderated by Michiel Fierens, Doctoral researcher at Centre for IT & IP Law, KU Leuven. 

The panel explored the challenges in providing legal interoperability and synergies between specific concepts from the GDPR and the EU AI Act. In the ever-developing AI governance regulatory landscape, with a particular focus on the EU AI Act, privacy and data protection norms remain the tools of choice to regulate personal data processing. In this regard, Christina Michelakaki highlighted that the EU AI Act sets a foundational standard, yet it is up to the entities developing and deploying AI technology to keep track of the national initiatives that further develop these provisions, such as Italy’s new draft AI law, as new internal frameworks could create country-specific obligations to be met by these entities. 

The panel recording can be found here. 

Photo description: Panel titled Transforming GDPR into a Risk-Based Harm Tool Alongside Specific AI Regulation. Meeting Separate but Complementary Needs? (May 23, CPDP.ai)

On May 24, Rob van Eijk, FPF’s Managing Director for Europe, was part of the panel Where are we heading? Looking into the EU Strategy for Data through the Lens of AI and Data Protection, organized by Meta, together with Luca Bolognini, President of the Italian Institute for Privacy and Data Valorisation, Peter Craddock, Partner at Keller and Heckman, Patricia Vidal, Partner at Uría Menéndez and moderated by Cecilia Alvarez, EMEA Privacy Policy Director at Meta. 

The panel discussed AI in the context of a data-oriented regulatory framework, focusing on how the EU could foster AI-driven innovation and competitiveness while ensuring equitable access and benefits. Rob van Eijk presented one of the latest FPF resources, a detailed EU AI Act timeline, and provided an overview of the current EU data-related legislation, the role of the EU AI Act in this framework, and its expected enforcement. The panel recording can be found here.

Photo description: Panel titled Where are we heading? Looking into the EU Strategy for Data through the Lens of AI and Data Protection (May 24, CPDP.ai)

Photo description: Presentation of the FPF EU AI Act Timeline (May 24, CPDP.ai)

Lastly, on May 20, FPF’s Bianca-Ioana Marcu moderated a panel session in the CPDP.ai pre-event on the Global Impact of the EU’s Regulations on Platform, AI and Data Governance: The Case of Brazil, organized by the Law, Science, Technology & Society (LSTS) Research Group at the Vrije Universiteit Brussel and the Fundação Getulio Vargas (FGV) Law School. The event coincided with the launch of FPF’s Issue Brief on the Regulatory Strategies and Priorities of Data Protection Authorities in Latin America: 2024 and Beyond.

Photo description: Panel moderated by FPF’s Bianca-Ioana Marcu, with Alessandro Mantelero (Polytechnic University of Turin; Laura Schertel Mednes (University of Brasilia); Frederico Oliviera da Silva (BEUC); and Marco Almada (European University Institute).

Overall, the CPDP.ai 2024 conference brought together all major key stakeholders in the privacy and digital field for yet another successful gathering of minds, having delivered engaging and challenging discussions on the future of the regulatory landscape in this field and how to best address the innovative and disruptive challenges posed by technological developments, with a special highlight for AI and its interplay with data protection.

Editor: Bianca-Ioana Marcu