Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), recently announced the formation of a new external Ethics Board that will do a deep dive into the complex ethical issues that surround the use of personal data in the “big data” economy. (See press release and full opinion links here.) The EDPS is particularly concerned about the rise of artificial intelligence and its implications for personal data protection. If the EDPS Ethics Board begins issuing opinions before the new General Data Protection Regulation (GDPR) is finalized, it could certainly help shape its final form.
What would a EDPS Ethics Board have to offer once the GDPR is finalized? Clearly it would offer guidance to European Union institutions as to how to apply the GDPR to their own data protection practices, given that the EDPS’s official function is to monitor EU institutions and ensure that they follow EU data protection laws. But it would also potentially supersede the Article 29 Working Party’s role as the EU’s primary data protection commentator, at least on ethical as opposed to more technical issues. Also, given the prominent role of the EDPS in the EU’s self-governance structure, the EDPS’s Ethics Board’s opinions are likely to influence judicial decisions, future privacy legislation, and the national implementation of the GDPR in areas that allow national discretion (and there are quite a few of those). A new EDPS Ethics Board will be a commentator to reckon with.