EU Parliament recruitment app compromised, encryption debate reignited

4 months ago 19

Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.

“We have acted immediately to make sure that the rights and freedoms of the affected data subjects are protected, and actively supported the Europan Parliament and its Data Protection Officer in all necessary actions for this personal data breach.”

– The European Data Protection Supervisor told Euractiv about the European Parliament’s PEOPLE application being compromised in a data breach.

Story of the week: The European Parliament sent on Monday an internal notification to its staff, seen by Euractiv, about a data breach in the application PEOPLE, used for recruiting the institution’s non-permanent staff. On 25 April, following assessments by Parliament’s cybersecurity specialists, it was confirmed that PEOPLE, the external application based in Luxembourg and created to facilitate the hiring procedures for temporary staff, experienced a data breach, the email reads. The notification was sent by Kristian Knudsen, a director-general at the European Parliament. Recipients were informed about the possibility that the breach “may have exposed your personal data to unauthorised access by external parties” and “occurred at the beginning of 2024.” A Parliament spokesperson told Euractiv that the Parliament’s infrastructure was not compromised. It is currently unknown whether the breach was the result of hacking. Read more.

Don’t miss: Europol’s recent joint declaration with European police chiefs urges action against end-to-end encryption, citing concerns of possible justice obstruction, amid an ongoing debate about balancing data privacy with combating crime. At the end of April, Europol published a joint declaration calling for industry and governments to take action against end-to-end encryption roll-out, saying that this technology will stop law enforcement from obtaining and using evidence against criminals. However, not everyone agrees. Encryption has also been at the heart of the controversy of an EU draft law aiming to detect and remove online child sexual abuse material (CSAM), with some agreeing with Europol’s views and others seeing encryption as a measure to support data privacy. Read more.

Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.

Artificial Intelligence

OpenAI’s deepfake detector. OpenAI has developed a new deepfake detector to spot content created by its image generator, DALL-E, but acknowledges it is only part of the solution to combat deepfakes, The New York Times reported on Tuesday. The company is sharing the tool with disinformation researchers to improve its effectiveness. Additionally, OpenAI is joining the Coalition for Content Provenance and Authenticity to develop credentials for digital content, aiming to trace its origin and distribution. According to the article, despite these efforts, there’s recognition that no single solution can fully address the deepfake problem.

Competition

Space, EuroHPC, and AI. The Competitiveness Council will meet in Brussels next Thursday (16 May) with ministers responsible for space aiming to adopt Council conclusions on strengthening Europe’s competitiveness through space, a topic to be further discussed in the subsequent joint EU-ESA Space Council. Discussions will also focus on adopting a recommendation on research security, a general approach on EuroHPC and AI, and Council conclusions on knowledge valorisation and the ex-post assessment of Horizon 2020.

Microsoft online store. In July, Microsoft plans to unveil its own online store for mobile-game consumables, providing an alternative to Apple and Google’s app stores and their associated fees, Bloomberg reported on Friday. Initially featuring Microsoft’s own games with discounts on in-game items such as those in Candy Crush Saga, the browser-based store was announced by Xbox President Sarah Bond during the Bloomberg Technology Summit. Subsequently, Microsoft intends to expand the store to include offerings from other publishers.

Cybersecurity

EU against Russian cyberattacks. The EU and NATO last Friday condemned “malicious cyber activities” against Germany and Czechia, which they say were likely carried out by a Russian cyber espionage group. APT28. Also known by the name ‘Fancy Bear’, the group is said to have been responsible for dozens of cyberattacks globally in recent years, including on government institutions, media organisations, and critical infrastructure operators. EU and NATO member states, including Poland, Lithuania, Slovakia, and Sweden, were among those targeted in the past. In a statement on behalf of the EU, chief diplomat Josep Borrell said, “The malicious cyber campaign shows Russia’s continuous pattern of irresponsible behaviour in cyberspace, by targeting democratic institutions, government entities and critical infrastructure providers across the European Union and beyond.” Read more.

Data & Privacy

GDPR position paper. A position paper published on Wednesday by EDRi, the European Digital Rights, a nonprofit advocating for digital rights, calls for urgent improvements in enforcing the EU’s General Data Protection Regulation (GDPR) to address procedural disagreements among supervisory authorities. The paper criticises the European Commission’s proposal and offers comprehensive recommendations to ensure efficient and rights-respecting enforcement, emphasising transparent regulations, equitable participation, and prompt resolution of complaints to uphold data protection rights.

Digital Markets Act

Apple fine document published. As Euractiv reported, the European Commission announced a €1.8 billion fine for Apple in March, saying the tech giant abused its dominant position for music streaming providers. The Commission’s Directorate-General for Competition published a provisional, non-confidential version of the document on the decision on Monday. The decision emphasises the absence of a specific causal link between dominance and unfair trading conditions, highlighting both monetary and non-monetary harms to consumers. It also underscores the importance of Apple’s closed ecosystem in finding abuse.

Law enforcement

Ofcom and child protection. Ofcom, the UK’s regulatory and competition authority, introduced comprehensive measures to enhance children’s online safety on Wednesday, encompassing over 40 practical steps. These include implementing age verification measures to prevent access to harmful content like suicide, self-harm, and pornography. Platforms must adjust algorithms to filter or downrank harmful content and introduce effective moderation systems. Ofcom also refers to the Online Safety Act, which mandates strict responsibilities for services accessed by children, requiring them to assess risks and implement appropriate safety measures. The authority emphasises safer design choices and stronger accountability within tech firms. The proposed measures aim to empower children and parents while resetting standards for online safety. The regulations, subject to consultation, are set to enforce a higher standard of protection for children online, with non-compliant companies facing enforcement actions.

Platforms

Meanwhile, in the US. On Tuesday, TikTok filed a petition in the US federal court to overturn the unconstitutional TikTok ban. TikTok’s court filing calls the ban “unconstitutional”. “There is no question: the Act will force a shutdown of TikTok by January 19, 2025, silencing the 170 million Americans who use the platform to communicate in ways that cannot be replicated elsewhere,” the filing reads.

Snapchat and child protection. Snap’s CEO, Evan Spiegel, emphasised the company’s dedication to taking responsibility for users’ experiences on its app, with a specific focus on ensuring child safety, Bloomberg reported on Friday. This commitment comes amidst growing scrutiny directed at Snap and other social networks like Meta Platforms Inc.’s Facebook, X Corp., Discord, and TikTok regarding their influence on young users. Discussions among lawmakers and child safety advocates have revolved around determining the appropriate roles of social media companies, parents, and device makers in addressing these concerns.

Telecom

Telefonica and AWS. Telefonica Germany will migrate one million 5G customers to Amazon Web Services (AWS) cloud, marking AWS’s entry into the telecom market, Reuters reported on Wednesday. This move, a global first, aims to cut costs and increase scale. Telefonica plans to transition 30-40% of its customer base to the cloud by 2025-2026. AWS expects more deals with telecom operators as the market grows rapidly.

US chipmaking on the rise? A study commissioned by the Semiconductor Industry Association indicates that US chip production is expected to significantly increase in the coming years, potentially reducing reliance on East Asia, Bloomberg reported on Wednesday. By 2032, semiconductor manufacturing capacity in the US is projected to triple, raising the country’s industry share to 14% from the current 10%.

Telecom Council. The Transport, Telecommunications, and Energy Council will meet in Brussels next Tuesday. Ministers will engage in a policy debate on the collaborative implementation of recently adopted digital legislation and approve conclusions on the future of the EU’s digital policy and cybersecurity. An informal lunch discussion will focus on digital skills and inclusion, highlighting the importance of ensuring broader participation and competence in the digital realm.

Transatlantic ties

AI model export control. According to a Reuters article, the Biden administration is considering regulations to control the export of advanced AI models, aiming to protect US technology from adversaries like China. The proposed measures would restrict the export of closed-source AI models, which could be misused for cyber attacks or bioweapons. Challenges remain in defining regulatory criteria due to the fast pace of AI development. Nonetheless, the US is seeking to address risks posed by the spread of advanced AI capabilities.

Facebook ads and elections. According to the Washington Post, During India’s current election season, numerous political ads on Facebook are supported by organisations concealing their identity, raising concerns about transparency and integrity in the electoral process. With Facebook being a major platform in India, this lack of transparency poses significant challenges despite efforts to enforce accountability, the article published on Monday reads. Political content and advertising have been discussed about the European Parliament elections as well, to be held on 6-9 June.