Meritxell Borràs asks Parliament to have a firm commitment from the country to resize the APDCAT in the face of challenges linked to the data economy and the use of artificial intelligence

The director of the Catalan Data Protection Authority has appeared in the Institutional Affairs Committee of the Parliament of Catalonia to present the activity report for 2023.

The director of the Catalan Data Protection Authority (APDCAT), Meritxell Borràs, has defended in the Parliament of Catalonia that a firm commitment from the country is needed to resize the Authority in the face of the challenges posed by the massive use of personal data in a society increasingly based on datafication, the data economy and the generalisation of artificial intelligence (AI) systems.

During the appearance to present the report corresponding to 2023, Borràs announced that the APDCAT has been designated by the State as one of the authorities for the protection of fundamental rights under the Artificial Intelligence Regulation (RIA). This gives the APDCAT more powers in terms of control over the use of artificial intelligence and, in this new framework, the director of the APDCAT has insisted that we must be prepared.

Borràs recalled that the RIA entrusts the monitoring of AI systems to the European Data Protection Supervisor, and that the European Data Protection Board itself has declared its will that states entrust data protection authorities with the monitoring of the RIA, by virtue of their independence, experience and knowledge.

For Borràs, in this impasse, the General Data Protection Regulation must serve as a protective framework for 21st century privacy, and provide security and confidence to society and companies, to prevent data from becoming a free-trade commodity out of control.

Exponential increase in activity

The director also took stock of the work done, and insisted on the exponential increase in activity at the Authority. As an example, she highlighted the 40% increase in complaints, 22% in claims, and 24% in queries.

On the other hand, he warned that malicious external acts represent more than half of the security breaches reported to the APDCAT, with cyberattacks at the top, which represent 31% of the total. Given the increase in cybercrime, he stressed that institutions need to work hard to apply security measures appropriate to the risk, taking into account the type of data being processed. "As a country, we need to invest in the security of our information systems as an element of guaranteeing our rights and the basic values of a democratic and legal society," he added.

Training and awareness-raising

Among the projects launched, Borràs highlighted the initiative 'Who are you? Data that talks about you', promoted jointly with the Library Service of the Department of Culture of the Generalitat, and more recently expanded to the network of the Barcelona Provincial Council. The project responds to APDCAT's commitment to gamification and awareness through games, with activities, shows, storytelling and workshops to spread the culture of privacy in libraries. Borràs celebrated that, for the first time, APDCAT has been internationally distinguished with the Global Privacy and Data Protection Awards precisely for this project, a recognition granted by the Global Privacy Assembly that integrates data protection authorities from around the world.

A second successful project has been the launch of 'DPD en xarxa', the first learning and collaboration community of data protection delegates in Catalonia, which has served to "break the isolation" of those who work to ensure compliance with data protection regulations in organizations, share knowledge and expertise and promote exchange and cooperation.