POLITICO’s weekly transatlantic tech newsletter for global technology elites and political influencers.

By MARK SCOTT

Send tips here | Subscribe for free | View in your browser

BUCKLE UP, DIGITAL BRIDGE IS A SCORCHER THIS WEEK. I’m Mark Scott, POLITICO’s chief technology correspondent, and in a sea of social media commentary, this video made me feel seen. Not sure if my ego can take being called a demigod, but (given my somewhat pale Celtic complexion), I’ll settle for the “day walker” moniker.

There’s a lot to get through this week. Let’s do this:

— The generative AI hysteria has got people (again) thinking we need global rules/standards for this technology. It won’t be easy.

— The clock is ticking for Congress to get anything done on digital. But that’s where the real action is taking place.

— Washington takes another step to challenge Brussels’ international dominance on data via a summit in London.

WHY GLOBAL AI RULEMAKING IS HARDER THAN YOU THINK

IF GENERATIVE AI HAS DONE ANYTHING (beyond freaking out your parents about the pending tech-powered apocalypse), it has focused minds on the need for the world of artificial intelligence to get rules — and fast — to calm everyone’s nerves. Luckily, such proposals, many of which span borders, are here. You’ve got UNESCO’s Ethics of AI Agreement; the Council of Europe’s Convention of AI; the European Union’s AI Act; the White House’s Blueprint for an AI Bill of Rights; morenational AI strategies than you can shake a stick at, including China’s AI rulebook; upcoming transatlantic “Trustworthy AI” Guidelines; and the Organization for Economic Cooperation and Development’s (OECD) AI Principles.

Many of these (mostly voluntary) rulebooks, surprisingly, have a lot in common. Most call for greater transparency over how AI systems operate. They demand stronger data protection rights for people. They require independent oversight of automated decision-making. Some (looking at you, Brussels) outlaw specific — and ill-defined — “harmful” use cases for the technology. In short, in a digital policymaking world where officials almost never agree, there’s a lot of existing consensus about how to tackle the underlying questions linked to AI.

But (and there’s always a but) that doesn’t mean international rules/standards are going to happen anytime soon. “I’m just really afraid that the OECD countries need to get past arguing about small things and look at the bigger picture,” Audrey Plonk, head of the Paris-based group’s digital economy policy division, told me. She should know. Her team has been leading on cross-border AI policymaking longer than anyone, and the OECD’s AI Principles are viewed as the most comprehensive Western playbook for how to approach the technology.

Yet to the American-born OECD official, we are still twiddling our thumbs. Most countries agree the likes of accountability, transparency, human rights and privacy should be built into AI rulemaking. But what that actually looks like, in practice, still varies widely among countries. That means any form of international consensus — beyond platitudes about holding companies to account — is still in its infancy. “If we don’t move in the same direction on something as important as this, we’re all going to suffer,” added Plonk whose team just created a multistakeholder working group to address the future policymaking implications of AI. “You’ve got people still fighting around the edges.”

This problem comes down to two pain points. First: Different countries are approaching AI rulemaking in legitimately different ways. The European Union (mostly) wants a top-down government-led approach to mitigate harms (hence the AI Act). The United States, Japan and the United Kingdom would prefer an industry/sector-led approach to give the technology a chance to grow. China views this via the prism of national and economic security. Second: ChatGPT has set off a separate, but related, call for new oversight specifically aimed at generative AI — in ways that overlap with existing regulation that could hold this technology to account without the need for additional rulemaking.

Case in point: U.S. Senate leader Chuck Schumer’s (fuzzy) AI framework and an open letter from European politicians leading on the bloc’s AI Act. Both efforts name-checked the current AI craze as a reason to do something to rein in the technology’s potential excesses/abuses. But as you can see from above, such standards — even at a global scale — already exist. What’s missing are the finer points of policymaking required to go beyond platitudes around accountability, transparency and bias to figure out how that actually plays out in a cross-border set of enforceable rules.

And for those urging specific generative AI oversight, I would suggest taking a deep breath. I called Suresh Venkatasubramanian, director of Brown University’s Center for Tech Responsibility and co-author of the White House’s Blueprint for an AI Bill of Rights, and asked him if such rules were necessary, given how that technology has captured people’s imagination. “I would say that if we hold it to the same standards that you would hold any other (AI) system, it would not pass,” he told me. “If you have transparency or testing evaluation standards, it’s going to be harder to get ChatGPT-like systems to pass them.”

“If we focus on the point of impact, focus on where the systems are being used, and make sure we have governance in place there — just like we have wanted, all this time — then, automatically, generative AI systems will have to be subject to those same rules,” he added.

WHAT TO WATCH IN US DIGITAL POLICYMAKING

WHEN IT COMES TO WASHINGTON’S DIGITAL RULEMAKING, I’m usually a glass-half-empty kind of guy. And as U.S. lawmakers return this week after their Easter break, it’s hard not to look at the landscape and feel disappointed (again). The American Innovation and Choice Online Act (for digital competition) is going nowhere; the RESTRICT Act (for banning the likes of TikTok) is mostly a public relations stunt; and the American Data Privacy Act (for comprehensive federal data protection standards) is stuck in a political quagmire.

But, weirdly, I’m more optimistic about U.S. movements on digital than I have been for years. You just need to reshape your thinking about what policymaking actually looks like, and what the goals are. What’s clear — given a divided Congress and upcoming elections — is that any specific domestic legislation aimed at greater consumer rights or hobbling Big Tech is not going to happen. But if you reframe that to focus on national and economic security threats, of which the tech sector is critical, then there’s a lot happening — both domestically and within international circles.

It’s hard not to look past the $52 billion in subsidies for U.S. semiconductor manufacturing and research via last year’s CHIPS and Science Act. Already more than 200 companies have bid for some of that cash, with about $200 billion in overall spending already pledged for new American facilities. You could argue, though, that some of that cash would have been spent anyway. It’s an effort to ward off Chinese rivals eager to gobble up more market share in the global chip industry. The fact the U.S. Commerce Department specifically linked U.S. subsidies to commitments from companies not to invest in China over the next decade shows how blatant Washington is in its goals.

The same could be said for the Inflation Reduction Act and its similar financial incentives for domestic electric vehicle production. Sure, Beijing is a factor in trying to shore up local production — much to the ire of U.S. allies like the EU, Japan and South Korea. But Washington has figured out there’s a global technological race associated with these new forms of vehicles, and it’s willing to spend big to give its homegrown automakers a fighting chance of competing worldwide. If that’s not digital policymaking, I’m not sure what is.

Outside of the U.S., American policymakers are similarly flexing their digital muscles, mostly in the name of national security. Officials are still visiting national capitals across the West to warn about the threat that China poses, specifically related to semiconductors, telecommunications, global tech standards and cybersecurity threats. It’s a full-court press to convince somewhat skeptical allies there’s a choice to be made between allowing Beijing to promote itself globally or standing with Washington to push back against China’s ascendency.

That’s playing out in fora like the upcoming EU-U.S. Trade and Technology Council where, again, U.S. officials are pushing their European counterparts to specifically name-check China in the summit’s communiqué — something Brussels is loath to do. Washington is also making its voice heard more loudly in international bodies like the United Nations’ International Telecommunications Union (where a U.S. citizen, Doreen Bogdan-Martin, is now secretary-general) and more industry-led bodies like those deciding on future telecom standards. Again, this is all about pushing back against China.

There’s also some old-school economic diplomacy at play. Even after the EU passed its new antitrust rules, known as the Digital Markets Act, U.S. Department of Commerce officials and those from the White House continue to complain to anyone who will listen in Brussels that the legislation, which will come into force next year, unfairly discriminates against Silicon Valley. Given ongoing domestic concerns about Big Tech’s role in society, many Americans may find it odd that — given all that’s going on right now — U.S. diplomats and officials are so intrinsically associated with the industry and its ongoing battle with foreign governments.

BY THE NUMBERS

GLOBAL PRIVACY BATTLE, ROUND TWO

IN CASE YOU WERE IN ANY DOUBT about the ongoing — but often hidden — fight between Brussels and Washington over privacy standards, a three-day summit in London this week laid it out for all to see. The so-called Global Cross-Border Privacy Rules (CBPR) Forum, a U.S.-led project to expand existing data rules associated with the Asia Pacific Economic Cooperation (APEC), a regional trade body, represents the latest American effort to tilt the scales in its favor. The plan is to create (voluntary) standards so that countries can allow local companies to move data freely between like-minded members. It’s a direct response to the existing status quo that gives Brussels, whose privacy rules are the de facto global playbook, almost exclusive rights to determine which governments have the same level of data protection rules to meet the bloc’s exacting standards.

Officials from APEC member countries, as well as those from the United Kingdom, Argentina, Nigeria and Bangladesh, spent three days hashing out specifics with industry players this week in a fancy London hotel. The CBPR regime involves a combination of national regulators and outside auditors determining if companies are sufficiently protecting people’s data when it’s shipped around the world. The talks focused on three areas: how to include new countries in the voluntary data-transfer pact (the U.K. applied to become an associate member); reforms to the underlying CBPR agreement that dates back almost two decades; and internal changes to the regime to make it more global than its current Asian focus.

WONK OF THE WEEK

FOR THIS WEEK, WE’RE BRAVING THE LATE SPRING WEATHER in Brussels to focus on Penelope Papandropoulos, who just became head of the data analysis and technology unit within the European Commission’s Directorate-General for Competition (or DG COMP), the bloc’s antitrust regulator.

This is not Papandropoulos’ first go-around with digital competition. Until very recently, she was a close adviser to Margrethe Vestager, the EU’s digital and antitrust chief, and previously worked for her predecessor, Spain’s Joaquín Almunia. The Greek-born official holds a doctorate in economics from the Université libre de Bruxelles and previously ran the Brussels office of Charles River Associates, an antitrust-focused consultancy.

“After 4 fantastic years advising Executive Vice President Margrethe Vestager, I am going back to DG Comp to head the data analysis and technology unit that will report to the chief technology officer,” she wrote on LinkedIn. “Looking forward to the great challenge of supporting competition enforcement.”

THEY SAID WHAT, NOW?

“We won’t allow these groups to stay in the shadows. We’re shining a light on these threats because we need to work together to strengthen our defenses,” Oliver Dowden, the U.K.’s secretary of state in the country’s Cabinet Office, told an audience in Belfast when warning that Russian-affiliated groups were targeting critical infrastructure like the energy and telecom sectors across the West. “We have never publicly highlighted the threat from these kinds of groups attempting such attacks before and I should stress that we do not think that they currently have the capability to cause widespread damage to our infrastructure.”

WHAT I’M READING

— Google outlined a series of potential commitments related to giving others a greater ability to compete in in-app payments in response to a U.K. regulatory investigation into the tech company’s practices. More from the search giant here.

— The European Commission published draft guidelines on how it would implement the bloc’s new digital competition rulebook, known as the Digital Markets Act. For competition boffins, it’s a must (but very dry) read.

— The Polish national security agencies discovered a widespread digital spying operation conducted by the Russians against foreign ministries and diplomatic entities across NATO member countries, the EU and parts of Africa. Read more here.

— The Digital Trust & Safety Partnership has created a glossary of terms associated with how practices are implemented across the industry as part of a consultation to improve how trust and safety issues are incorporated into companies’ workflows. Take a look here.

— Academics created a “Sims”-style world populated with agents created via generative AI and these online actors displayed believable behaviors, including autonomously creating a Valentine’s Day party among themselves, according to research from the University of Stanford.

— Unauthorized disclosure of classified government documents violates Discord’s terms of service that prohibits the posting of illegal content on the platform, claims Clint Smith, the company’s chief legal officer, in a blog post responding to the recent Pentagon leaks.

politico.eu/newsletter/digital…

Strasbourg, 20/04/2023 – Today, the European Parliament is expected to approve the results of the trilogue negotiations on new regulations for cryptocurrencies. Pirate Party Members of the European Parliament strongly oppose identification obligations included in the “Information accompanying transfers of funds and certain crypto-assets” legislation, which will effectively abolish anonymous transactions in digital currencies without any threshold. This will negatively impact organisations that depend on anonymous donations, Pirates warn. They will oppose the legislation.

Patrick Breyer, Member of the European Parliament for the German Pirate Party, comments:

“These rules will deprive law-abiding citizens of their financial freedom. For example, opposition figures like Alexei Nawalny are increasingly dependent on anonymous donations in virtual currencies. Banks have also cut off donations to Wikileaks in the past. With the creeping abolition of real and virtual cash, there is the threat of negative interest rates and the shutting off of the money supply at any time. We should have a right to be able to pay and donate online without our financial transactions being recorded in a personalised way.

There is no justification for effectively abolishing anonymous virtual payments: Where Virtual Assets have been used for criminal activities in the past, prosecution has been possible on the basis of the current rules. Banning anonymous crypto currency payments altogether will not have any significant effect on crime. The stated aim to tackle money laundering and terrorism is only a pretext to gain control over our private business.”

Mikuláš Peksa, Czech Member of the European Parliament for the Pirate Party, comments:

“While we understand the European need to regulate crypto assets, we believe that the whole discussion is based on the wrong premise of treating crypto assets as finances deposited in a bank account. We do believe that in the modern world there is one crucial aspect that only crypto assets are able to cover in the future: the role of digital cash. Even and especially in a digital world, we need a medium for anonymous transactions to protect our basic freedoms, ensure privacy and enable struggle for freedom around the globe”

patrick-breyer.de/en/pirates-n…

The European Parliament’s lead LIBE Committee yesterday circulated the draft report by conservative Rapporteur Javier Zarzalejos on the proposal to fight child sexual abuse material (CSAR), also known as “chat control”. While committing to preserve end to end encryption, the Rapporteur proposes to add “voluntary detection orders” and metadata scanning. Pirate Party Member of the European Parliament and long-time opponent of the chat control proposal Patrick Breyer analyses the proposals and their implications.

• Chat Control: Mandatory indiscriminate searching of private correspondence and data of unsuspected citizens is still in. Requirement to „limit the detection order to an identifiable part or component of a service“ such as specific channels or groups (AM 128) goes in the right direction but does not ensure that searches are targeted/limited to specific persons presumably connected to CSEM, as required to avoid annulment of the detection provisions by the Court of Justice. The findings of the European Parliament Research Service are not yet reflected.
• Unlike the Commission, Rapporteur doesn’t want users to be informed that their correspondence has been (falsely) reported (AM 138).
• „Voluntary detection“/Chat Control: Proposed new power for providers to search private correspondence and data of unsuspected citizens of their own initiative, even where conditions of a detection order are not met (AM 99). Again not targeted/limited to specific persons presumably connected to CSEM, as required to avoid annulment by the Court of Justice.
• End to end encryption: Weakening encryption is excluded (AM 106), although wording is not yet sufficient to exclude mandatory client-side scanning with certainty (some argue client-side scanning wouldn’t interfere with the encryption process as such).
• Metadata control: Proposal of new power for automated metadata retention and analysis for allegedly suspicious communications patterns by providers (AM 106). Such technology is again closed-source and not independently evaluated, likely unreliable with countless false positives. The Commission warns that „Service providers do not consider metadata as an effective tool in detecting CSAM“ and „metadata is usually insufficient to initiate investigations“ (p. 29). Most of all proposed provision again does not ensure that processing is targeted/limited to specific persons presumably connected to CSEM, as required by the Court of Justice’s La Quadrature judgement (par. 172 pp.).
• Access blocking / search engine delisting orders: Ineffective access blocking to CSEM is still in. Proposal of new power to delist CSEM from search engines and “artificial intelligence”. Both are ineffective because the material is not deleted at its source.
• App censorship for children: Requiring app stores to block minors from installing communications apps such as Whatsapp, games or chats is still in. Draft report proposes to extend this app censorship (AM 101 pp.).
• Anonymous communications ban: Requirement on communications services to verify user age is still in, with verification systems effectively excluding anonymous use. This would be the end of anonymous e-mail or messenger accounts that whistleblowers, political activists etc. need.
• Promising: Proposal to establish a Victims’ Consultative Forum (AM 273)
• Promising: Services may ensure a “high level of privacy, safety, and security by design and by default” (AM 79)

More on Chat Control: www.chatcontrol.eu

patrick-breyer.de/en/chat-cont…

Germany will not support the EU Commission’s „Chat Control“ proposal of a regulation on Child Sexual Abuse unless major changes are implemented, a leaked position paper reveals:

1) The country opposes „client-side scanning“ on personal devices and wants to exclude end-to-end encrypted messages from scanning. Audio communications and phone calls would also be exempted from scanning.

2) As for server-side mass scanning of private communications and cloud storage, the government „reserve[s] the right to make additional requests at a later date“, questioning the „permissibility“ of such scans in view of fundamental rights. Indeed the European Parliament’s Research Service found only last week that the globally unprecedented scanning orders proposed by the EU Commission would stand in Court only if they were targeted and „specific with regards to the group of individuals to be monitored“.

3) The German government also insists that no voluntary mass scanning by providers in the absence of an order should take place, as currently practised by various US services such as Facebook/Instagram Messenger, Gmail, outlook.com.

4) The proposed age verification requirements for communications services „must allow for anonymous or at least pseudonymous use of the services in question“. It is feared that these requirements could effectively mean the end of anonymous e-mail or messenger accounts, which can be essential for whistleblowers.

Pirate Party MEP Patrick Breyer, shadow rapporteur (negotiator) for his group in the Civil Liberties Committee (LIBE) and long-time opponent of mass scanning of private communications, comments:

„The EU Commission’s globally unprecedented proposal of indiscriminately searching the content of any private correspondence and photos is increasingly falling apart. A Chinese-style mass surveillance scheme as extreme as this doesn’t exist anywhere else in the free world for a reason: It would inflict a death blow to the security and secrecy of communications as well as the right to communicate anonymously, which protect children, victims, whistleblowers, dissidents, industry, governments and many more.

What we really need instead of untargeted chat control and identification obligations for age verification is obliging law enforcement agencies to have known exploitation material removed from the internet, as well as Europe-wide standards for effective prevention measures, victim support and counselling, and for effective criminal investigations.”

patrick-breyer.de/en/germany-i…

La mia intervista su War Room InnovAction, su ChatGPT. Grazie a Luca De Biase per l’ospitalità. .

guidoscorza.it/chatgpt-la-mia-…

La mia intervista su War Room InnovAction, sul tema ChatGPT e la costituzione della task force europea. Grazie a Luca De Biase per l’ospitalità. .

guidoscorza.it/chatgpt-task-fo…

Grazie a Pasquale Viscanti e Giacinto Fiore per l’ospitalità su “Intelligenza Artificiale Spiegata Semplice”, il podcast di AI Play, dove abbiamo parlato di cosa insegna la vicenda ChatGPT a Manager e imprenditori dell’IA. Per riascoltare la puntata clicca qui.

guidoscorza.it/su-intelligenza…

Nuovo appuntamento con la rubrica Privacy weekly, tutti i venerdì su StartupItalia. Uno spazio dove potrete trovare tutte le principali notizie della settimana su privacy e dintorni. E se volete saperne di più potete leggere qui le news quotidiane di Privacy Daily o iscrivervi alla newsletter di #cosedagarante. Grazie a StartupItalia per l’ospitalità!

guidoscorza.it/come-circolano-…

I legislatori europei devono garantire che i pazienti abbiano il controllo sulle loro cartelle cliniche private aggiungendo un requisito di consenso "opt-in" per l'uso secondario dei dati sanitari nell'ambito del proposto European Health Data Space (EHDS)

@Etica Digitale (Feddit)

Più di una dozzina di organizzazioni che rappresentano pazienti, operatori sanitari, persone con disabilità, organizzazioni dei consumatori e dei diritti digitali, nonché lavoratori e sindacati hanno scritto ai membri del Parlamento europeo, esortandoli a garantire che i diritti dei pazienti e il controllo sui loro le informazioni sanitarie private sono confermate nel proposto European Health Data Space (EHDS).

Leggi la lettera aperta

Attraverso l'EHDS, i legislatori vogliono creare sistemi sanitari digitali interoperabili e moderni in tutta l'UE. Sfortunatamente, la proposta della Commissione europea non riesce a proteggere i pazienti quando si tratta della condivisione e dell'uso delle loro informazioni mediche personali da parte di terzi. I pazienti non avrebbero voce in capitolo sulla condivisione e lo sfruttamento commerciale dei loro dati e non sarebbero nemmeno informati su chi li riceve.

Il Parlamento europeo deve introdurre un regime di consenso "opt-in" in modo che gli utenti dei dati siano tenuti a ottenere un consenso valido dai pazienti le cui cartelle cliniche personali vorrebbero utilizzare per scopi secondari.

IL POST DI EDRI CONTINUA QUI

Sara Harcourt, Senior Policy Director di ONE, movimento globale che si batte per porre fine alla povertà estrema e alle malattie prevenibili entro il 2030, ha denunciato come miliardi di dollari di donazioni da record del 2022 per i paesi in via di sviluppo non abbiano mai lasciato i paesi donatori.

Via social Sara, basandosi su dati OECD-Development Assistance Committee (DAC), ha denunciato in un thread quanto segue:

“I livelli record di aiuti nel 2022 per i quali i paesi donatori si congratulano con se stessi sono un miraggio. Le entrate sono in: 29,3 miliardi di dollari in aiuti non hanno mai lasciato i paesi donatori.“

Aggiungendo che:

“I livelli di aiuto hanno raggiunto il tetto record di 204 miliardi di dollari nel 2022, con un aumento del 13,6% in termini reali rispetto al 2021. Sembra incredibile, vero? Fino a quando non ti rendi conto che la maggior parte dell’aumento è dovuto ad aiuti che non hanno mai lasciato i paesi donatori.

Se si escludono gli aiuti spesi all’interno dei paesi donatori per i rifugiati, la spesa COVID e gli aiuti bilaterali all’Ucraina, l’APS è aumentato di appena il 3,5% nel 2022 (in termini di flusso).

Diversi tipi di “aiuti” in realtà non raggiungono mai i paesi in via di sviluppo

Diversi tipi di “aiuti” in realtà non raggiungono mai i paesi in via di sviluppo. Ma il maggior contributo alla spesa dei donatori nel 2022 sono stati i costi per i rifugiati a causa della guerra in Ucraina. Grazie alle regole #OECD, i donatori possono contare comesono stati stanziati i soldi spesi per sostenere i rifugiati all’interno del proprio paese.

Nel 2022, 29,3 miliardi di dollari, ovvero il 14,4% degli aiuti totali per i rifugiati, sono i costi andati per i donatori. Questo è senza precedenti. Durante la crisi dei rifugiati siriani nel 2016, i costi dei donatori hanno raggiunto il picco dell’11% dell’aiuto totale.

Nel frattempo, gli aiuti bilaterali destinati ai paesi meno sviluppati e ai paesi africani sono diminuiti nel 2022.

Nel frattempo, gli aiuti bilaterali destinati ai paesi meno sviluppati e ai paesi africani sono diminuiti nel 2022. Sostenere i rifugiati è assolutamente la cosa giusta da fare. Ma non dovrebbe andare a scapito degli aiuti ad altri paesi che soffrono di insicurezza alimentare, inflazione record e aumento del costo del debito.

Nel Regno Unito, sono stati spesi in patria 4,5 miliardi di dollari di aiuti, il che ha portato direttamente a tagli ai programmi nei paesi a basso reddito.

Approfondimento: UK aid budget ‘totally transformed’ as another £1.5B cut looms

I bilanci degli aiuti dovrebbero essere concentrati sulla fine della povertà e affrontare le crisi nei paesi vulnerabili, non saccheggiati per finanziare i costi interni. Non dovremmo permettere ai donatori di stabilire le regole a loro vantaggio.

Vuoi esplorare tu stesso i dati #globalaid ? Visita la dashboard APS di ONE Campaign con le cifre più recenti sugli aiuti, ricercabili per tipi di aiuti e donatori.”

FONTE: twitter.com/Sara_Harcourt/stat…

tommasin.org/blog/2023-04-13/m…