This article is on behalf of Aliki Foinikopoulou, Salesforce’s Senior Director of EU Government Affairs & Public Policy, Laurent Monjole, Senior Director of Government Affairs Southern EMEA, and Isabel Barquin, EMEA Government Affairs
As Spain ascends the Presidency of the Council of the European Union, Salesforce is sharing key digital policy recommendations. This will be the last full-term Presidency before the next European elections in June 2024, providing an opportunity to lay the foundations for an open and innovative EU digital policy framework that will support a strong and competitive Europe.
What’s at stake
During this time, the Spanish government will be responsible for driving forward the Council’s work on EU legislation, including a number of key tech regulations such as the AI Act, the Data Act, and the Cyber Resilience Act. These will have a significant impact on the digital transformation of European businesses and the EU’s economic growth.
The EU’s strategic autonomy refers to the capacity of the EU to act without being dependent on other countries in strategically important policy areas. These can range from defence policy to the economy, and the capacity to uphold democratic values. President of the Government of Spain Pedro Sánchez has emphasised the importance of an open approach to the EU’s strategic autonomy. This suggests Europe can protect its strategic interests and its leading global role in a rapidly changing geopolitical landscape while working with like-minded democratic partners in areas such as security, trade, and technology. With open strategic autonomy, Europe has the opportunity to create a resilient economy, where open markets, data privacy, and high cybersecurity standards coexist.
Ensuring Privacy is Protected and Innovation is Nurtured
EU digital policy should enable European businesses to choose the trusted digital tools that best meet their needs while maintaining robust security principles and controls over their data. For example, Salesforce’s Hyperforce EU Operating Zone enables our customers to process and store their data in the EU. Any efforts to limit the ability of technology providers to offer their services in Europe based solely on the location of their headquarters or their ownership structure would risk a negative impact on the region’s cyber resilience and digital transformation. Protect the flow of data
As privacy and sovereignty concerns increase across the world, EU policymakers are contemplating restrictions on cross-border data flows. However, mandatory localization of data can compromise cybersecurity, slow the pace of innovation and technology adoption, and eventually limit the competitiveness of European businesses. The EU must safeguard secure and open international data flow systems in order to promote and enhance the trusted development and uptake of cloud, data analytics, and AI in the region. With their commitment to a new EU-US Data Privacy Framework, the EU and the US have demonstrated shared values in jointly setting a high data protection standard that can set an example for global frameworks. EU Member States should prioritize adopting the European Commission’s adequacy decision. The EU should also safeguard the validity of the existing transfer mechanisms. Any restrictions on the transfer of data in the Data Act should avoid creating legal uncertainty and causing discrepancies with the legal transfer mechanisms established by the GDPR.
Regulate for the future
A nuanced and flexible approach is necessary to ensure the lawful development and uptake of new technologies, and to allow space for innovation to flourish. For instance, at Salesforce, Ethics by Design principles inform our teams’ creation of trusted AI products, as well as efforts in responsible marketing — delivering innovation and value to customers, while also encouraging them to utilize data and AI responsibly. With the new AI Act, the EU has a unique opportunity to get this balance right by focusing on the AI applications that can have an adverse impact on the health, safety and fundamental rights of individuals, and acknowledging the different responsibilities borne by the different players across the AI ecosystem: developers, deployers, and users.