Share this page!

Maybe Scrolly?
Michael Veale Profile picture
Twitter logo
Feb 8 10 tweets 5 min read
The French presidency of the Council sent a compromise text on arts 16-29 of the EU AI Act, leaked to @Contexte. My analysis below: Thread 1/
To get caught up, previous thread on Council changes tranche 1:
And tranche 2:
Some changes altering technical documentation requirements, but these just trickle-down impacts from the Presidency's bigger attempt to exempt SMEs from having to fulfil specific legal documentation requirements in their previous edits (see prev thread: )
Amidst some text-shuffling, organisations no longer become "providers" for modifying the purpose of a high-risk system on the market. Seems bad but I suppose if they modified a system that was high risk into non high risk purpose, shouldn't be providers, and other criteria wide.
If outside the Union, you needed an authorised provider. French amendments make them both responsible for snitching on their bosses if they break the regulation and jointly and severally liable under the Product Liability Directive. Importers have to check an auth rep exists.
In a welcome move, the French actually put some direct human oversight roles on users, rather than having them all flow from the (potentially shoddy) technical documentation the providers make, which could have left users not liable if they had providers not scared of enforcement
Footnote worthy, French also keen on putting a number to the length of logging in a couple of places; this is something the CNIL likes to do (and has done re the Law Enforcement Directive art 25 unlike many Member States, I have a forthcoming chapter on logging in the LED...).
Unless I've missed something huge this is an update without many of the shocks and/or fireworks of the previous ones. Credit to @Contexte for obtaining the document.
has been pointed out to me that indeed as indicated this is not a big change as 2(23) even in the presidency version means substantial modification includes change of purpose.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Michael Veale

Michael Veale Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mikarv

Michael Veale Profile picture
Feb 8
Finally! @FD_Nieuws reports the Dutch DPA is telling all actors in NL to stop profiling users w/ real-time bidding & associated tracking architectures, after the Belgian DPA's ruling on structural inadequacies of the IAB Europe's 'cookie banner' fix, TCF. fd.nl/tech-en-innova…
They are not currently announcing an enforcement plan relating to publishers.
IAB Europe didn't comment, but have already said they think, according to hand-wavey legal logic, that enforcement against any RTB actor shouldn't be allowed while a *national* appeal concerning *them*, not any other actor, is pending in Belgium. Really? perma.cc/SS32-P6D9
Read 4 tweets
Michael Veale Profile picture
Feb 7
Scholars! Your regular reminder not to use Mendeley to manage refs; this Elsevier product force encrypts your local database (lying that it’s for GDPR) so you can’t migrate to eg Zotero, leaving the only export via an online API they can kill whenever. zotero.org/support/kb/men…
as the @zotero team notes, “Elsevier later stated that the change was required by new European privacy regulations — a bizarre claim, given that those regulations are designed to give people control over their data and guarantee data portability, not the opposite”.
I wonder why Elsevier wants to see, on their servers, copies of all the downloaded scholarly PDFs in the world…
Read 4 tweets
Michael Veale Profile picture
Feb 4
Significant news for the AI Act from the Commission as it proposes its new Standardisation Strategy, involving amending the 2012 Regulation. Remember: private bodies making standards (CEN/CENELEC/ETSI) are the key entities in the AI Act that determine the final rules. 🧵
Firstly, the Commission acknowledges that standards are increasingly touching not on technical issues but on European fundamental rights (although doesn’t highlight the AI Act here). This has long been an elephant in the room: accused private delegation of rule making by the EC.
They point to CJEU case law James Elliot in that respect (see 🖼), where the Court has brought the interpretation of harmonised standards (created by private bodies!) within the scope of preliminary references. Could have also talked about Fra.Bo and Comm v DE.
Read 13 tweets
Michael Veale Profile picture
Feb 1
Very detailed and wide-ranging decision of the Belgian DPA regarding cookie tracking in relation to (from inference, it's badly anonymised...) the @EDAATweets, the service that runes Your Online Choices (ht @PrivacyMatters) autoriteprotectiondonnees.be/publications/d…
Admittedly, the Chamber at the end says it wasn't really trying to anonymise. Image
So, the EDAA runs a site called "Your Online Choices", an incredibly little used, awkward & archiaic self regulatory initiative of the ad industry to try and claim that people have online choices in the absence of them. This website is linked to by ads, and itself places cookies. ImageImageImage
Read 11 tweets
Michael Veale Profile picture
Nov 30, 2021
B3. The proposal does little to stop the huge pre-emption of any national rules on use of AI, besides the reduction in scope of the AI definition which reduces the pre-empted scope slightly because not absolutely everything can be claimed to be ‘use of software’.
B4. A huge removal of a high risk system is to remove systems modelling and searching through giant crime databases. Likely because unlike many Annex III technologies, these are commonly used in MSs… In theory EC could propose its return one day but wouldn’t hold breath.
B5. The presidency thinks it is solving a great value chain problem by addressing general purpose systems, like APIs sold by Google, Microsoft, OpenAI etc. But it fails hugely here, and these companies will shriek with joy.
Read 16 tweets
Michael Veale Profile picture
Nov 30, 2021
The Council presidency compromise text on the draft EU AI Act has some improvements, some big steps back, ignores some huge residual problems and gives a *giant* handout to Google, Amazon, IBM, Microsoft and similar. Thread follows. 🧵
The Good:
G1. The manipulation provisions are slightly strengthened by a weakening of intent and a consideration of reasonable likelihood. The recital also has several changes which actually seem like they have read our AIA paper, on sociotechnical systems and accumulated harms…
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Like this author's thread?

Get emails when @mikarv has new unrolls!

Check out other threads from @mikarv!

Read all threads by @mikarv

:(