Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Meeting with Markus Beyrer
Director General, Business Europe
Scene setter
Data Protection / Schrems II
• A representative from Business Europe participated in the industry roundtable on the
consequences of the Schrems II judgment that took place on 21 September. Business
Europe welcomed the constructive communication on both sides of the Atlantic and
stressed that there is a lot of legal uncertainty, calling for urgent guidance from the
European Data Protection Board.
Digital Services Act
• Provide assurance that the Commission will take an approach to the DSA that promotes
fundamental rights, including the right to freedom of expression, freedom to conduct a
business as well as the freedom of establishment and provision of services, while at the
same time ensuring a system for platform responsibility in relation to illegal content.
Artificial Intelligence
• JUST A2 had two bilateral meetings with Business Europe to discuss AI liability, on 20
January and 2 April 2020.
• Business Europe contributed to the public consultation
1. They stated that the scope of
any new requirements should take a risk-based approach and only set market access
requirements for “high-risk” AI. This should be defined to focus on where the highest
and most widespread societal damage is likely to occur. As regards safety, sectoral
legislation could be the better alternative. National and EU rules on liability are largely
fit for purpose; any need for revision should be clearly demonstrated.
Sustainable Corporate Governance
• Mr Beyer had an exchange of views with VP Jourova on due diligence and other
sustainable corporate governance-related issues on 22 July. He sent the position of
BusinessEurope on the matter to the VP in a letter dated 24 July.
• The objective regarding sustainable corporate governance in this meeting would be to
explain why an EU initiative is needed. BusinessEurope’s initial objection against EU
harmonisation in this field seems to have turned into a “constructive opposition”.
Identifying points where our views are similar is possible and there is room for further
convergence.
1 https://www.businesseurope.eu/sites/buseur/files/media/position_papers/internal_market/2020-07-
15_ai_a_european_approach_to_excellence_and_trust.pdf
1
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Lines to take
DATA PROTECTION
• Given the importance of
data protection as a
fundamental right and as a stepping stone for a wide
range of policies, the Commission attaches a great
importance to the correct implementation of the new
data protection rules.
• We have adopted a
multi-faceted approach to
implementation: we have engaged into bilateral
dialogues with Member States on the compliance of
national legislations; we work closely with data
protection authorities in the context of the European
Data Protection Board; we also support those authorities
financially through grants.
• We have published in June an
evaluation report on the
application of the GDPR. In line with the obligation
steaming from the GPPR we focused in particular on
international transfers and on the
functioning of the
cooperation and consistency mechanism. However we
took a much broader approach and we also examined
many other aspects of the application of the GDPR.
2
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• We have taken into account the contribution of the
Council, the European Parliament, the European Data
Protection authorities and our GDPR Multi Stakeholder
Group.
•
The first main finding of the report is that this
legislation has empowered European citizens when it
comes to the protection of their personal data. They
effectively made use of their rights to lodge a complaint
with their national data protection authority and to seek
an effective solution.
•
Second, the report established that the governance
system, based on independent data protection authorities
in the Member States and their cooperation in cross-
border cases and within the European Data Protection
Board (‘the Board’), is working. However, one of the
key objectives of the GDPR, namely to develop a truly
common European data protection culture between data
protection authorities is still an on-going process. The
Board is working on improvements, with our full
support.
•
Third, the report shows that the GDPR offers
opportunities to European companies by
fostering
3
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
competition and innovation, ensuring the free flow of
data within the EU and creating a level playing field
with companies established outside the EU, based on the
respect of European standards.
•
Finally, we were able to confirm that the GDPR, having
been conceived in a technology neutral way, is an
essential and flexible tool to ensure that the development
of new technologies is in compliance with fundamental
rights.
• After two years, we can also already see where we need
to make more progress. A number of areas for future
improvement have been identified.
•
It is likely that most of the issues identified will benefit
from more experience in applying the GDPR in the
coming years. Our report sets out possible ways to
address them, one of the main ones being the need to
ensure that
national data protection authorities
have
the necessary human, technical and financial
resources.
• Another one is the need for
more uniformity in the
implementation of the rules in our Member States.
The GDPR removed a plethora of different rules across
4
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Europe, but more work is needed. The Commission will
play its part here, closely monitoring the situation in our
regular exchanges with Member States.
• We also need a
more European approach from
national data protection authorities, with more
efficient working arrangements between them.
Relation GDPR and Data Strategy
• On 19 February, together with the White Paper on AI,
the Commission issued a Communication on a European
strategy for data. It sets out the actions that the
Commission plans to undertake in the coming five years
to further develop the data economy in Europe and to
increase the competitiveness of Europe’s businesses.
• The European Strategy for data aims to enable a wider
availability of privately and publicly held data, in
particular through the creation of European data spaces.
The Strategy targets all kinds of data, not only industrial
but also personal data. Therefore, any policy measure
foreseen in the Strategy which involves access to
personal data must fully comply with the European data
protection legislation.
5
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• In particular, it is important that any personal data
sharing is carried out based on an appropriate legal basis
(such as legislation laying down a legal obligation) and
with appropriate safeguards.
• Furthermore, support for measures giving individuals
control over their data is also foreseen in the Strategy,
through the development of concrete tools such as
personal data spaces. These measures will contribute to
the effective application of the GDPR.
• In that sense, GDPR and future initiatives following
from the Data Strategy play together.
6
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
BACKGROUND
Processing of health data under GDPR in the Covid-19 context
• Health data are considered as sensitive data under the GDPR and their processing can
therefore only take place under strict requirements. The GDPR however provides that one
of the legal grounds for processing such personal data is public interest in the area of
public health. In this case, Union law or Member State law shall provide suitable and
specific measures to safeguard the rights and freedoms of the concerned individual.
• In particular, the GDPR provides that processing necessary for humanitarian purposes,
including for monitoring epidemics and their spread in situations of humanitarian
emergencies, qualifies as an important ground of public interest.
• In short, the GDPR provides for a legal framework for data protection which is fit also in
time of epidemics. It is not an obstacle to the processing of personal data necessary to
fight the coronavirus pandemic, it offers enough flexibility provided the conditions and
appropriate safeguards are in place. However, once the context justifying such processing
has changed (e.g. after the end of the pandemic), then the necessity and proportionality of
the processing will have to be reassessed.
One-stop-shop mechanism and consistency mechanism
• The GDPR provides for a "one-stop-shop" mechanism. This means that companies
conducting cross-border processing activities only have to deal with one national data
protection supervisory authority (‘the Lead Supervisory Authority’).
• A co-operation and consistency mechanism allows for a coordinated approach between all
the data protection authorities involved. In accordance with Article 60 GDPR, in cross-
border cases the Lead supervisory authority submits its draft decision to all concerned data
protection authorities for their opinion and shall take into account their views. Any
concerned supervisory authority may raise a relevant and reasoned objection to the draft
decision. If the Lead supervisory authority disagrees, it shall submit the matter to the
consistency mechanism which will require a decision from the European Data Protection
Board.
7
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
SCHREMS II
• I would like to thank Business Europe for its useful
contributions during the roundtable on international data
flows on 21 September.
• The aim of that meeting was to understand better what is
happening on the ground and how this can inform our
work.
• In response to the judgment, the Commission has several
work streams.
• Our first objective is to guarantee the protection of
personal data transferred outside the EU in full
compliance with the Court’s ruling.
• This also means that companies should be able to rely on
solid transfer mechanisms. That’s what you rightly
expect, as you need to transfer data as part of your daily
operations.
• That is also why exploratory talks are ongoing on the
best way to address the issues raised by the Court with
our US counterparts, as indicated in the joint press
statement I issued with US Commerce Secretary Ross.
8
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• But we also have to recognise that the judgment raises
complex issues, related to an area – national security –
that, by its nature, is particularly sensitive.
• Therefore, these are not issues that can be resolved
though a “quick fix”. We need sustainable solutions that
deliver legal certainty in full compliance with the
judgment.
• In parallel, we are finalising the modernisation of the
Standard Contractual Clauses.
• We have been working on this in the past months to
fully align the SCCs with the GDPR and to ensure that
they are adapted to the realities of today’s digital
economy.
• After the Court’s judgment, we are now integrating in
our draft the additional clarifications provided by the
Court on the conditions under which SCCs can be used.
• Because the SCCs are so widely used and are
particularly useful for smaller businesses, finalising this
work is a top priority for us.
• At the same time, we don’t want speed over quality. We
want to get this right and ensure that the new SCCs are
9
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
truly useful to assist companies in their compliance
efforts.
• On that basis, we intend to launch the adoption process
in the coming weeks.
• Of course, it will also be important that our work on the
new SCCs is aligned with the guidance that is currently
being prepared by the European Data Protection Board.
• We are therefore working closely with the data
protection authorities, which have announced that,
following the first FAQs issued immediately after the
judgment, more detailed guidance will be prepared.
• I believe that it is important that such guidance is, as
much as possible operational, based on practical steps
and concrete examples, to assist companies in their
compliance efforts. My services are advocating for such
an approach within the Board.
10
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
DEFENSIVES
There is no guidance, companies do not know how to comply with the
judgment.
• We understand that there is a need for guidance and have urged the
EDPB to accelerate its work on this. It is essential that there is a uniform
interpretation and approach across the EU, and this can only be provided
by the EDPB.
• We already worked with the Board on the first guidance document and
will continue to push for guidance that is as operational and practical as
possible.
• In our own work on the modernisation of the SCCs, we are also trying to
operationalise some of the clarifications provided by the Court, which we
believe will be helpful to assist companies in their compliance efforts.
• At the same time, also the new SCCs will of course have to be used in
line with the conditions set by the Court.
• This is also why the input we receive from industry is so important. It
allows us to understand your needs and learn from your experience on the
ground.
• The information we receive from you in turn feeds into our work, on the
SCCs and with the EDPB.
What are your views on the White Paper issued by the US Department of
Commerce on the Schrems II Decision?
• While I understand that it may be helpful for companies that transfer data
to the US to be provided with more information about the US legal
framework, it should also be clear that trying to re-litigate the case is not
going to help anyone.
• The Court has set a standard, and whether we like it or not, that standard
has to be complied with, by companies, by data protection authorities and
by the Commission in its contacts with the US.
• In our view, the focus of our efforts should be on exploring possible
solutions to the issues identified by the Court, not on revisiting or “re-
litigating” parts of the judgment.
To avoid that it becomes too difficult to transfer personal data, the
derogations under the GDPR should be interpreted more broadly.
• The judgment has not changed the situation on this aspect: derogations
remain what they are, i.e. exceptions to the general rule.
11
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• While they of course continue to be available for specific transfers, they
cannot become the default solution. This would be contrary to the
rationale of the GDPR as interpreted also by the Court.
• Moreover, it would leave individuals without any protections, which
would be a rather paradoxical outcome of a judgment that focuses on the
need to ensure some continuity of protection when data is transferred
abroad.
[Background: the GDPR contains certain statutory grounds for transfers in specific
situations (e.g. where an individual has given consent to the transfer or where the
transfer is necessary on public interest grounds). These so-called ‘derogations’ can in
principle only be relied on if there is no adequacy decision and it is not possible to
provide safeguards by other means. As there is no requirement to provide any
safeguards when relying on such ‘derogations’, they are only meant as exceptions, i.e.
for limited, non-systematic transfers. After the Schrems II judgment, there have been
calls from companies to reconsider this interpretation (which follows from the GDPR
itself and guidance from the European Data Protection Board) and also allow
regular, systematic transfers on the basis of the derogations. However, this would
mean that personal data that is currently protected by SCCs or other tools would no
longer benefit from any protections when transferred abroad.]
There should be an enforcement moratorium.
• Such an enforcement moratorium is not possible under the GDPR. This
has also been made clear by the EDPB in public statements in the past.
• Data protection authorities have discretion when it comes to launching
ex officio investigations, but are required to act when receiving
complaints from individuals.
• As you probably have seen, several complaints have already been lodged
by civil society that are currently being looked at.
• Of course, the data protection authorities also understand that this is a
difficult situation, but they will not accept negligence.
• Some key steps that companies can take include mapping their data
transfers, carrying out risk assessments, where necessary implement
additional safeguards, etc.
• And of course, all of this should be properly documented to demonstrate
due diligence if it comes to a dialogue with a data protection authority.
• In fact, this is something that any case already follows from the
accountability principle under the GDPR.
• At the same time, we also recognise that these first investigations (and
potential enforcement action) make guidance even more important, to
12
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
allow companies to comply, but also to avoid fragmented decisions by
data protection authorities.
• This is why we have urged the EDPB to accelerate its work.
We are concerned about calls for data localisation
• We have repeatedly confirmed the Commission’s commitment to
facilitate data flows.
• This is notably reflected my statements in the European Parliament, the
Communication on two years of GDPR adopted in June and the
Commission’s Data Strategy.
• That is also what we continue to pursue in our engagement with
international partners in different fora to promote safe and free data
flows. This includes for instance the very promising work at the OECD
with the US and Japan building on the Data Free Flow with Trust
initiative.
• For us, developing strong privacy safeguards and promoting free flow of
data are not opposite objectives, but rather complementary ones that can
reinforce each other.
13
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
DSA AND ILLEGAL CONTENT
• The internet has provided unprecedented possibilities for
new business models to thrive and for individuals from
all over the world to communicate and share ideas and
engage in discussions – also in area of the world where
such possibilities traditionally have been very limited.
• But, this Gutenberg-moment has also carried with it a
number of challenges.
• The problem of illegal content online is not going away.
The societal costs and suffering caused to the individual
victims of the spread of criminal content such as illegal
hate speech, terrorist content and child sexual abuse
material is a very serious concern to the European
Commission.
• Also, we want to ensure that consumers are effectively
protected online and that no illegal products are
available.
• The Digital Services Act will look at the platforms
liability and set out a comprehensive approach towards
all forms of illegal content online. The policy approach
that we formulate will have to combine and reconcile a
number of fundamental rights, including right to
14
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
freedom of expression, freedom to conduct a business as
well as the freedom of establishment and provision of
services.
• This is a complex file which requires evidenced
policymaking to ensure we get it right. The Commission
if currently analysing the results of the public
consultation that closed on 8 September 2020.
• I can assure you that we will carefully assess all
pertinent factors to ensure a proposal that allows us to
effectively tackle illegal content while protecting
Fundamental Rights.
15
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
BACKGROUND
As part of the European Digital Strategy, the European Commission has announced a Digital
Services Act package to strengthen the Single Market for digital services and foster
innovation and competitiveness of the European online environment.
The legal framework for digital services has been unchanged since the adoption of the e-
Commerce Directive in the year 2000. Ever since, this Directive has been the foundational
cornerstone for regulating digital services in the European Union.
However, the online world and the daily use of digital means are changing every day. Over
the last 20 years, many new ways to communicate, shop or access information online have
been developed, and those ways are constantly evolving. Online platforms have brought
significant benefits for consumers and innovation, as well as wide-ranging efficiencies in the
European Union’s internal market. These online platforms facilitate cross-border trading
within and outside the Union and open entirely new business opportunities to a variety of
European businesses and traders by facilitating their expansion and access to new markets
Although new services, technologies and business models have brought many opportunities
in the daily life of European citizens, they have also created new risks to citizens and society
at large, exposing them to a new range of illegal goods, activities or content.
The new Digital Services Act package should modernise the current legal framework for
digital services by means of two main pillars:
• First, the Commission would propose clear rules framing the responsibilities of digital
services to address the risks faced by their users and to protect their rights. The legal
obligations would ensure a modern system of cooperation for the supervision of
platforms and guarantee effective enforcement.
• Second, the Digital Services Act package would propose ex ante rules covering large
online platforms acting as gatekeepers, which now set the rules of the game for their
users and their competitors. The initiative should ensure that those platforms behave
fairly and can be challenged by new entrants and existing competitors, so that
consumers have the widest choice and the Single Market remains competitive and
open to innovations.
As a part of a robust and active consultation process, the Commission has initiated a public
consultation to support the work in analysing and collecting evidence for scoping the specific
issues that may require an EU-level intervention. All European and non-European citizens
and organisations are welcome to contribute to this consultation. The consultation was open
until 8 September 2020.
16
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
ARTIFICIAL INTELLIGENCE (incl. liability)
• The AI White Paper that the Commission published on
19 February 2020 pursues a human-centric approach. It
sets out regulatory options to foster an ecosystem of
excellence and trust.
• Following the White Paper, the Commission plans to
present a legislative proposal in the first quarter of 2021.
• To help Europe pursue excellence in the area of AI, the
White Paper presents initiatives including investments,
coordination of research and fostering relevant skills.
• As regards trust, the EU already has fundamental rights
legislation relevant for AI, in particular on data
protection, privacy, non-discrimination and equality; and
relevant laws on consumer protection, copyright and the
functioning of law enforcement authorities.
• The effectiveness of this acquis may be challenged by
the complexity and opacity of certain AI applications
(‘black boxes’) which would require highly specialised
expertise and processes to comprehend and control.
• AI may also challenge the effectiveness of current
national civil liability rules. To ensure trust and
17
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
encourage the uptake of AI, it is also important to make
sure that victims of damage caused by the use of AI use
are not less compensated than victims of traditional
products and services.
• At the same time, businesses need legal certainty. They
need to know their liability risks so that they can ensure
themselves against them.
• To address these challenges, the White Paper includes
documentation-, testing, and accountability-requirements
to benefit the effective enforcement of existing laws and
help those who deploy AI systems comply.
• In addition, the elaboration of technical norms,
standardisation and certification could facilitate
compliance with higher level legal requirements.
• The requirements will be proportionate to the risk to
rights or safety of people.
• We also need to enable supervisory authorities to keep
fulfilling their mandate where AI is used. They need
adequate capacities and they need to work together.
• An open public consultation on the contents of the AI
White Paper was open from 19 February to 14 June
18
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
2020. The Commission is now analysing more than 1200
responses.
• The opaqueness of some applications is often identified
as a challenge, and there is a desire to always know who
is responsible for automated outcomes.
• Funding and equipment of authorities is also identified
as a priority and some ask for centres of expertise.
• Most of the respondents to the public consultation were
in favour of adapting national liability rules for all or for
specific AI applications to better ensure proper
compensation and a fair allocation of liability. The
majority of businesses in this category were SMEs.
• The EP will soon adopt resolutions providing detailed
recommendations for the Commission on ethics and
fundamental rights and on a civil liability regime for AI-
systems. The respective reports were adopted in the
JURI committee on 28 September.
19
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
DEFENSIVES
What are the main findings of the public consultation?
• The high participation consisting in 1200 replies and 400 submissions of self-standing
position papers shows that this initiative meets a lot of interest throughout different
groups of stakeholders.
• The Commission received feedback inter alia from civil society organisations and
individual citizens, industry, academia, and public authorities.
• 14% of the responses came from outside the EU27.
• A large majority of the respondents is concerned about fundamental rights threats due
to the use of AI.
• The opaqueness of some applications is often identified as a challenge in this regard.
• Funding and equipment of authorities were identified as a priority and some ask for
centres of expertise.
How did stakeholders position themselves as regards the proposals put forward by the
Commission in its White Paper?
• When it comes to the question how an application is categorised as risky, there was a
clear preference to focus on concrete use cases rather than looking at sectors for the
determination.
• There is general support for transparency and clear identification of who is
responsible for automated results. Most stakeholders agree with importance of
accountability, transparency, documentation.
• When it comes to prescriptive requirements that would interfere with how
applications may be built, there was some reluctance, notably among industry
stakeholders.
What are the next steps following the White Paper and the consultation?
• The Commission plans to present a legislative proposal in the first quarter of 2021.
• Currently, the Commission services are working to further concretise the elements
from the White Paper to develop appropriate and proportionate binding rules for the
use of risky automation.
How you will make sure that the framework will not hamper innovation and
competiveness in the EU compared to other regions of the world
• Promoting innovation is not only about regulation, but also about funding, fosrting
investment and networking.
• We need to create an enabling environment for innovation. The Commission pursues
a whole range of activities that are presented in the AI White Paper under the heading
of the “ecosystem of excellence”.
• Regulation does not only limit what actors can do. It also creates a level playing field
and can foster legitimate trust, which is a very important factor for the uptake of the
development and use of new technologies. We need the right kind of innovation.
20
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• Developing AI on the basis of shared European values can be a competitive
advantage.
How will you guarantee trustworthy AI?
• We already have a solid framework of legislation at EU and national level to protect
fundamental rights and to ensure safety and consumer rights. To prevent breaches of
these rules and to ensure that possible breaches can be addressed by national
authorities, risky applications need to be well documented and provide an adequate
degree of transparency.
• The White Paper sets out concrete requirements for the development and deployment
of high-risk AI:
o to be technically robust and safe,
o the data sets used for training must be appropriate for the purpose in order to
avoid unfair bias,
o appropriate records of the data used to train the algorithm must be ensured,
o individuals should be clearly informed when dealing with an AI system, and
o sufficient human oversight must be foreseen in order to ensure that the AI
system does not undermine human autonomy.
How do you define Artificial Intelligence?
• There is globally no consensus on a definition of AI.
• Defining a set of technology is one thing, defining, which technology-challenges we
need to address is another. We need to target all uses of technology that are
challenging fundamental rights or safety. The opacity of automation plays an
important role in this regard.
• The White Paper refers to the definition of AI adopted by the Commission in April
2018 and the definition prepared by High Level Expert Group.
• The White Paper mostly focuses on machine learning because it is what makes AI
most opaque and in certain situations unpredictable. Machine learning is a subset of
AI and implies that algorithms are “trained” on data.
Will the EU regulate facial recognition for remote identification?
• EU data protection rules already prohibit in principle the processing of biometric data
for the purpose of uniquely identifying a natural person, except under specific
conditions.
• Specifically, remote identification can only take place for reasons of substantial public
interest. It must be based on EU or national law, the use has to be duly justified,
proportionate and subject to adequate safeguards.
• Facial recognition for remote biometric identification is currently the exception.
Following the consultation on the AI White Paper, the Commission reflects on the
necessity of further regulatory steps.
21
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
BACKGROUND
AI White Paper
In the AI White Paper, the Commission proposes a framework for trustworthy Artificial
Intelligence, following a balanced approach based on excellence and trust that aims to
address high-risk AI systems without putting too much burden on those who develop and
deploy less risky ones. The White Paper mostly focuses on machine learning because it is
what makes AI most opaque and in certain situations unpredictable, but it does not exclude
other AI systems, such as expert systems, which follow pre-defined rules. Expert systems are
fully interpretable. Their results (output) can precisely be determined based on their
determined rules and the input data.
Regarding the pursuit of excellence, in partnership with the private and the public sector, the
ambition is to mobilise resources along the entire value chain and to create incentives to
accelerate deployment of AI, including by smaller and medium-sized enterprises. This
includes working with Member States and the research community, and attracting and
keeping talent.
Regarding the ecosystem of trust, the Commission pursues a human-centric approach to AI.
This means first and foremost ensuring that AI applications comply with EU law that protects
consumer and fundamental rights. For example, gender bias in algorithms or training data
used for recruitment AI systems could lead to unjust and discriminatory outcomes, which
would be illegal under EU non-discrimination laws. It is important to prevent breaches of
fundamental rights and consumer laws and if they occur, to ensure that those breaches can be
addressed by the national authorities. The complexity and opacity of certain AI systems
makes it difficult to see if they comply with fundamental rights obligations. The
establishment of accountability and transparency requirements, combined with improved
enforcement capacities, will ensure that legal compliance is considered at the development
stage of AI systems and, in case of a breach, such requirements will allow national authorities
to investigate whether the use of AI complied with EU law. On this basis, the White Paper
sets out concrete requirements for the development and deployment of high-risk AI systems.
The definition of high-risk AI applications will be further concretized. Some uses are critical
in all sectors, e.g. use of AI for recruitment of for certain consumer services such as financial
credits.
In relation to the addressees of the legal requirements that would apply in relation to high-risk
AI applications, obligations are to be distributed among the many actors involved in the
lifecycle of an AI system (e.g. the developer, the deployer, the person who uses an AI-
system, [maintenance] service providers etc.). Obligations should be addressed to the actor(s)
best placed to address potential risks. While developers may be best placed to address risks
arising from the development phase, their ability to control risks during the use phase may be
more limited. In that case, the deployers should be subject to the relevant obligation.
Regarding the geographic scope, the requirements should be applicable to all relevant
economic operators providing AI-enabled products or services in the EU, regardless of
whether they are established in the EU or not.
The White Paper suggests that prior conformity assessments would be necessary to verify and
ensure that certain requirements applicable to high-risk applications are complied with. The
22
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
prior conformity assessment could include procedures for testing, inspection or certification.
It could include checks of the algorithms and of the data sets used in the development phase.
In addition, there would also be an ex-post control, for example to verify that an application
is used in full respect of fundamental rights.
Depending on a legislative proposal, Member States might need to implement new rules on
high-risk AI, with the support of the Commission and a network of national authorities to
ensure coherent implementation. Member States’ existing authorities are very well placed to
do so. For example there are already authorities that enforce the respect fundamental rights or
guarantee the safety of cars, toys, cosmetics or medicine. The White Paper acknowledges that
it would be beneficial to support competent national authorities to enable them to fulfil their
mandate where AI is used. As far as the compliance with data protection rules is concerned,
the national Data Protection Authorities have been provided with increased powers under the
GDPR.
23
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
SUSTAINABLE CORPORATE GOVERNANCE
• We have
crossed the sustainability boundaries of
value creation and now the sustainability crisis is
coupled with the
COVID crisis. We want to
recover from this in a
sustainable,
competitive and
just way.
• The
role and the
responsibility of the
business sector in
reaching these sustainability and recovery objectives
cannot be overestimated.
• It is
not enough if frontrunner companies change
voluntarily, selectively and at
their own pace. We need
to
change the
mainstream, more
systematically and
urgently.
• This requires
improving the
governance of companies
and the impacts in their
supply chains, and I am
determined to
propose next year an
initiative on
sustainable corporate governance.
• The initiative would address
directors’ duties,
due
diligence in the supply chains, as well as
other
elements of corporate governance (e.g. incentives by
remuneration, involvement of sustainability expertise
and engagement with stakeholders).
24
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• We aim at a framework that is
clear and
coherent, with
appropriate
enforcement.
• I am convinced that a
broad based and
horizontal
measure – covering all sectors – would bring the most
benefits.
• We would pay special attention to the possible – direct
and indirect – impacts on
small and medium-sized
enterprises, including
costs as well as
benefits for
them.
• We are also examining how to cover some
third-
country companies that are active in the EU.
• We will soon be launching
[date of launch still to be
confirmed, if before or after this address] an
open
public consultation, asking specific detailed questions.
We are looking forward to receiving your contribution
as well.
25
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
DEFENSIVES Due diligence:
BusinessEurope has strong concerns regarding the possible introduction of
an EU mandatory framework for supply chain due diligence.
• The due diligence study conducted for the Commission shows that the
voluntary “corporate social responsibility” approach, supported by
reporting on a “comply or explain basis”, failed: only one third of the
300 companies responding to the survey claim to have due diligence
processes in place to identify and mitigate negative human and
environmental impact in their supply chains. Other studies show even
worse figures (for example a very recent German survey shows that 15-
19% of companies have due diligence processes).
• A large majority of individual company respondents (over 300) to the due
diligence study survey expressed
support for mandatory due diligence
rules.
•
EU harmonisation may bring benefits over the development of
national initiatives which would lead to a fragmentation of
approaches and which could result in extra costs.
• The experience with the French law shows that a non-negotiable legal
standard can
contribute to changing the regulatory and behavioural
environment in the third country of the supply chain.
Such positive
impact of an EU standard would be even higher. Moreover, our
initiative is meant to be part of a
smart mix and could be accompanied
by other measures, which foster a better environment in third countries
(trade agreements, other support measures).
It is crucial to base any action on existing international standards and
guidelines.
• Our initiative would
build upon existing UN and OECD standards and
guidelines (the
United Nations’ Guiding Principles on Businesses and
Human Rights, as well as on the
OECD Guidelines for Multinational
Enterprises and the related Due Diligence Guidance for Responsible
Business Conduct). It would also take into account the experiences with
existing national and EU regulation. Furthermore, we are exploring how
to align the due diligence duty to international human rights and
environmental commitments (fundamental and labour rights conventions,
Paris climate agreement, etc.)
26
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Would a due diligence duty not put EU companies at a competitive
disadvantage vis-a-vis third country companies?
• Although operating in the EU without proper establishment is relatively
rare, we are looking into possibilities to cover
also some third country
companies not formally established but operating in the EU.
• Strengthening sustainability chapters in
trade agreements, which is
subject to ongoing reflections, would help levelling the playing field
globally.
• The due diligence study also shows that
no significant negative
distortions for EU companies are expected which would result from
setting up and operating necessary due diligence processes. We will
analyse other costs possibly linked to reorganisations of supply chains.
Many business operators, whilst calling for due diligence legislation, also
call for actions to take place in producing countries: can the Commission
play a role on both ends?
• The Commission services having competence in
complementary areas
on this matter cooperate in this process.
Other policies, such as
development cooperation, neighbourhood policy, trade and external
relations contribute with support, funding, dialogue, agreements. There is
also an ongoing reflection about how to make trade agreements support
the transition better. These policies reinforce each other.
A new legislative framework should not invert the responsibilities of states
and companies.
• To ensure that human rights are protected, States need to establish
specific legal requirements. Companies (i.e. legal persons) shall respect
human rights as much as physical persons, this has already been agreed in
the UN 10 years ago when clarified in the UN Guiding Principles on
Businesses and Human Rights. The commentaries of human rights
covenants state that States shall legislate to require companies to respect
such rights across their value chain. This is the way to ensure that States
provide an effective protection framework for such rights.
Possible legislation should take into account that the COVID crisis heavily
disrupted global value chains and the challenges in rebuilding them.
• We will carefully analyse cost impacts and pay particular attention to the
needs of SMEs.
27
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• Our public consultation will ask a detailed question about how SMEs
burden could be reduced.
Multinational companies often operate in challenging circumstances, for
example because of conflict, rule of law gaps or weak local governance.
• Properly implemented due diligence processes
help directors identify
the sustainability
risks and
impacts of the company, allowing them to
manage those risks and
address negative impacts
better.
Will a possible EU law on due diligence have a limited scope with regard to
supply chains? It is extremely complex for large multinationals to ensure
full control at all levels of their supply chain, in particular those beyond
tier one and downstream .
• The aim is to ensure the right balance here: the rules should be
effective
and should
not be easy to circumvent. Human rights and environmental
harm occurs more often beyond tier one, so covering only tier one
suppliers would jeopardise the effectiveness of the measure. The French
law also goes beyond tier one. In addition, such rule would also be very
easy to circumvent putting the legitimacy of the measure in question.
• However, there is an embedded flexibility in due diligence as it is
inherently
risk-based and
requires continuous improvement. The
company should identify which supply chain is the most risky and
prioritise the most serious issues first.
Any framework on due diligence should be based on an obligation of means
rather than obligation of results. Companies should be exonerated from
liability if they comply with a due diligence process standard.
• This is a
balancing exercise: it is important to make sure that companies
not only
establish processes but also
implement them efficiently.
• We hope our
public consultation will inform us what can be added to a
process requirement and also ensure the necessary legal certainty for
companies.
A potential new reporting requirement should not overlap with the
requirements under the Non-Financial Reporting Directive.
• We would like to ensure that
the non-financial reports provide
stakeholders all the information they need to
monitor companies and
directors, and – eventually – to
hold them to account, with regard to
their duties in relation to sustainability.
28
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• We will pay particular attention to the
consistency and the
links between
this initiative and the review of the NFRD.
The level of detail of a due diligence legislation should be proportionate to
provide clarity for business, but without encouraging a tick-box approach.
• Care will be taken to ensure that the possible EU law and its obligations
are
sufficiently clear, also in order to prevent that it generates
unnecessary litigation. At the same time, it should be
flexible enough so
that companies can adapt to their specificities.
• We are also exploring the possibility to
combine level 1 and 2 measures
and
legislation combined with non-binding guidelines.
A possible mandatory approach on due diligence will impose bigger
burdens on SMEs. Also, obligations will be imposed in any event on SMEs
downstream, as part of the supply chain of companies that are within the
scope. Any EU measure needs to take this into account.
• I agree that we need to
alleviate the burden on SMEs. For instance, a
lighter regime, more detailed
guidance and a
gradual phasing in of the
new obligations are all possible options being explored.
• We also need to take into account that SMEs can be active in
high-risks
sectors, but they would also see
benefits of the new rules: they may
become better candidates to become a supplier of an EU company, they
would themselves reap the benefits of addressing sustainability issues
properly, they could get access to finance more easily etc.
Directors’ duties:
Companies are already taking account of diverse stakeholders’ interests
alongside the financial interests of shareholders. It is a false assumption
that shareholder value creation is necessarily contrary to a stakeholder-
oriented approach. No EU legal requirements are necessary.
• A recent study conducted for us on directors’ duties shows that there is a
growing predominant focus in corporate governance on short-term
financial performance.
• Companies today
pay dividends to the shareholders (or ensure payouts
to shareholders through
share buy-back programmes)
before they
secure the
resilience and
long-term viability of the
company. They do
not invest enough into
medium-to-long-term goals: into innovation,
new technologies and the workforce.
29
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
• This harms their productivity, innovativeness, sustainability,
competitiveness.
• This is despite the fact that in
all EU Member States
directors owe their
duties to the company and not to the shareholders, even if there are
differences in national company law requirements.
• So we are considering how to make it clear in the law what is expected
from the directors. This would also empower directors to withstand short-
term pressure.
• We should also
clarify that
directors need to have
a strategic view over
all sustainability matters.
•
Remuneration policies need to be looked at to ensure that the incentives
of the directors are aligned with the interests of the company.
In certain cases the interests of some stakeholders may be conflicting with
each other (e.g. in restructuring, recovery, insolvency, merger or division).
The company needs flexibility to balance those stakeholders’ interests.
• All stakeholders’ interests as well as the
long-term interest of the
company should always be considered in board decisions. We do not aim
at making a hierarchy between the different interests, but focusing
predominantly on one interest (i.e. short-term financial) should not be the
norm.
It would be too early to amend the recent Shareholder Rights Directive 2.
Transferring more competences from the board to the shareholders would
disrupt well-functioning corporate governance structures.
• Transferring more rights to shareholders is
not the guiding principle of
our initiative. The
main objective would now be to
take better account
of other stakeholders’ interest, not only that of shareholders, and to
explore the possibilities of
enabling other stakeholders as well to hold
directors to account.
30
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
BACKGROUND
The
Commission’s 2018 Sustainable Finance Action Plan announced consultative and
analytical work to prepare a possible policy initiative, undertaken by two DG JUST studies,
on
due diligence requirements in the supply chain (published February 2020) and on
directors’ duties and sustainable corporate governance (published July 2020). Evidence
collected show an
increasing trend of corporate short-termism and
failure of voluntary
action and reporting in incentivising the change of companies’ behaviour.
In a number of strategies implementing the
European Green Deal as well as the
Recovery
Plan, the Commission announced a new
initiative on sustainable corporate governance for
2021. It may take form of a legislative proposal “addressing human rights, and environmental
duty of care and mandatory due diligence across economic value chains”.
The Inception Impact Assessment (“
roadmap”) on the initiative is open for consultation until
8 October. A
public consultation was planned to be launched still in September.
In parallel, the
EP’s JURI committee is preparing 2 reports on the topics covered but he
sustainable corporate governance initiative; namely, an own initiative legislative report
(INL)
on "Corporate Due Diligence and Corporate accountability" (rapporteur Lara Wolters,
S&D, NL) and an own initiative report
(INI) on "Sustainable Corporate Governance"
(rapporteur Pascal Durand, Renew, FR). Two studies are being prepared for the EP to
underpin these reports.
In the meantime, more and more
MS are having
laws, initiatives and plans to reform
corporate governance measures (DE, AT, FI, FR, NL, DK, IT, BE, LU, SE); the
FR Duty of
Vigilance Law being the first and most prominent, and
DE Supply Chain Act
considerations being the most recent.
As regards the position of stakeholder, during the consultative and analytical work that
preceded the announcement of the initiative,
civil society has exhibited
very strong support
in numerous instances, while
business associations naturally expressed
initial hesitations
about possible mandatory rules, however are recently also starting to support the voice of
large individual businesses who have repeatedly spoken out in EU fora and issued multiple
calls
in support of EU level action, to stop free-riding.
31
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Consumer Affairs in relation to the Recovery Plan
Product Safety
•
Artificial Intelligence and new technology products
have great potential from both the industry's and
consumers' point of view.
•
But products using these technologies may present new
risks, such as for example, cyber-threats affecting safety.
• It is necessary that producers make sure that these
products are safe for consumers, which is also in the
interest of the wide take-up of the technology.
• Furthermore, consumers buy increasingly
online:
in 2019, 63% of EU consumers purchased online.
Consumer products should be safe whether they are sold
to consumers
online or offline.
• The Commission is gathering evidence on the size of
these problems and how they can be tackled. This will
feed into the evaluation and impact assessment of the
General Product Safety Directive.
32
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
DEFENSIVES When is the General Product Safety Directive proposal expected?
• As announced in the revised Commission 2020 Work Programme, the
new proposal is expected for Q2 2021.
What is the General Product Safety Directive proposal going to focus on?
• The Commission will carry out an impact assessment and evaluation
of the Directive to assess its implementation and how it can be further
improved. The Commission has already preliminary identified several
areas that need to be tackled and for what we will gather further
evidence, just to mention a few:
o New digital challenges to product safety, in particular regarding
online product safety market surveillance as well as challenges of
new technology products that could cause cybersecurity risks in
relation to safety, personal security risks and that self-evolve.
o Enforcement issues: There are still too many dangerous products
available to consumers on the EU market. In 2019 over
2 200 dangerous products were notified in the EU Rapid Alert
System, but the actual number is likely to be much higher since not
all consumer products on the EU market can be screened by market
surveillance authorities. There are other enforcement issues
tentatively identified, for example, product traceability is
insufficient and the effectiveness of recalls of dangerous products
from consumers is low.
Do you intend to regulate the responsibilities of online operators? Is there
going to be any overlap with the Digital Services Act?
• The safety of products sold online will be considered as one of the
issues to be tackled by the revision of the General Product Safety
Directive, but also for the Digital Service Act. Within these
discussions, the framework should be assessed including the
responsibilities of online operators in order to ensure consumer
protection as well as a level-playing field for companies. Commission
services will coordinate to ensure coherence between the two
initiatives.
33
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
The New Consumer Agenda
•
Consumer spending will represent an important part of
the
recovery. We must reinforce consumers’ confidence,
and, at the same time, we
should not impose an undue
heavy burden on companies.
•
Only a coherent and comprehensive EU consumer
policy will be able to address new vulnerabilities and
contribute to the collective recovery under the green and
digital transitions; thus, the New Consumer Agenda (to
be adopted on 18 November) will focus on key priority
areas:
o
Empowering consumers in the
green and digital
transitions;
o
Protecting vulnerable consumers;
o
Enforcing consumers’ rights; and
o
International cooperation.
• The New Consumer Agenda is currently open to public
consultation, until 6 October; we would very much
welcome the input of Business Europe to this strategy.
34
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Green Consumption Pledges
• I am launching, under the Consumer Agenda a new non-
regulatory initiative, the Green Consumption Pledges,
which will be developed in cooperation with the
industry, on a voluntary basis. This initiative aims to
contribute to a sustainable economic recovery and to
empower consumers to make greener choices.
• We are starting the green consumption pledges first with
a few pilot projects with pioneer companies. The
objective is to bring on board in the years to come a large
number of companies in all sectors.
• If you have, within your members, companies that would
like to be involved in the project, in the first phase or
later on, we would be delighted to work with them.
35
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
DEFENSIVES
The New Consumer Agenda
How could you ensure that an agenda of such a high ambitions could
concretely work, in terms of resources and practical implementation?
• The agenda is the tool to formulate our clear and long-term vision under
which to identify and the funding under the new MFF. The priorities of
the new Single Market Programme will have to support the objectives of
the agenda.
• As well, I intend to call upon the Member States to align their funding
streams to their consumer policy priorities. Each country will be invited
to closely involve key stakeholders, including
businesses and consumer
organisations in the implementation of its consumer policy.
BACKGROUND
The New Consumer Agenda
The adoption of the Consumer Agenda is planned for November 2020, while the three
flanking initiatives – i.e. a proposal aiming to empower consumers in the green transition, a
review of the Directive on consumer credit agreements for consumers (2008/48/EC), and a
review of the General Product Safety Directive (2001/95/EC) will be adopted in 2021.
The New Consumer Agenda should address both post-COVID consumer situation and
longer-term consumer policy challenges. Issues range from rogue traders abusing the fast
evolving markets and offering products at excessive prices, to advertisements with bogus
claims or even offers of unsafe products. These emerge at the time of increased consumer
vulnerabilities.
There is, therefore, a need to adapt the European consumer policy framework to market
evolutions, including the rapid digital and green transitions. In doing so, it is important to
avoid new obligations in consumer legislation that could generate undue extra burden or costs
on companies grappling with the impact of the crisis.
A balanced policy requires a holistic approach to consumer agendas, taking into account all
emerging issues also linked to the pandemic’s effects at large. Vulnerable consumers are and
will be most likely to suffer disproportionately from any socio-economic downturn resulting
from the coronavirus pandemic. Such vulnerability may no longer stem primarily from health
or socio-economical disadvantages. New sources of consumer vulnerability increasingly
extend to, for instance, situations of over-indebtedness, reduced digital literacy, geographical
remoteness, etc.
The five key priority areas remain valid also post-COVID: consumer empowerment in both
the green and the digital transitions, consumer vulnerabilities (including in financial
services), enforcement of EU law, and international cooperation.
36
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
Three cross-cutting themes need to be address in each priority area: trust and transparency of
responsibilities between authorities, consumers and businesses; better information to
consumers and fighting false information; ensuring consumers feel safe and reassured in the
new consumer policy framework.
It will be important for all Member States to enhance action on these elements, and the
cooperation with the Commission and the other Member States, for an improved coherence of
policy priorities and implementing measures
This strategic Commission Communication will also serve as the chapeau for several
legislative proposals which will be made reference to in the Communication and adopted
in 2021:
1.
Revision of Directive 2001/95/EC on general product safety (GPSD)
The aim of the revision is to ensure all non-food consumer products on the EU market are
safe and to ensure a level-playing field for all businesses online and offline. This would allow
to maintain the “safety net role” of the Directive. Among other aspects, it aims to address
product safety issues linked to new technologies, such as Artificial Intelligence and product
safety challenges in online sales. The revision also aims at making product recalls more
effective to keep unsafe products away from consumers and at enhancing market
surveillance.
2.
Revision of Directive 2008/48/EC on consumer credit (CCD)
In 2019 an evaluation of this Directive showed that it does not fully ensure high standards of
consumer protection across the EU. The objective to foster a well-functioning internal market
has only been partially achieved. The revision will extend consumer protection to new (non-
bank) operators (e.g. peer-to-peer lending platforms) and new products (e.g. short-term high-
cost loans), which can lead to over-indebtedness. It will also update the information
disclosure requirements to reflect the effects of digitalisation and shift to online contracts. It
will strengthen the effectiveness of creditworthiness assessment rules to make sure the
assessment is done in the interest of the consumer (as required by the Court of Justice). These
revisions should provide for a more effective prevention of misusing consumer vulnerabilities
in the financial sector.
3.
New legislative initiative to empower consumers in the green transition
This initiative, announced in the Green Deal and Circular Economy Action Plan, aims to
ensure that consumers are provided with more accurate, clearer and more reliable information
in order to choose durable, repairable and sustainable products. In order for consumers to
actively participate in the green transition, they need trustworthy information on the expected
lifespan and reparability of products, on their sustainability and environmental impact.
The scope and content of this legislative proposal will build on synergies with various work-
streams that are under way in different Commission services (ENV, GROW, CNECT) in
response to the Green Deal and the new Circular Economy Action Plan, notably on product
standards on material efficiency (durability/reparability) and technical methodologies (e.g.
Product/Organisational Environmental Footprint).
37
Meeting with Markus Beyrer, Director General, Business Europe
07/10/2020 16:00 [phone call]
The Open Public Consultation on the whole consumer package started on 30 June will last
until 6 October - Link: https://ec.europa.eu/info/law/better-regulation/have-your-
say/initiatives/12464-A-New-Consumer-Agenda/public-consultation
Contact(s) – briefing contributions:
Data protection:
(DG JUST.C3), tel.: -
Schrems II:
DG JUST.C.4
DSA:
, DG.JUST.C.2
Artificial Intelligence:
DG JUST.C.2,
, and on liability :
, DG.JUST.A.2
Sustainable Corportate Governance :
, DG.JUST.A.3
Product Safety :
, DG.JUST.E.4
Consumer Affairs :
DG.JUST.E.1
38