The breathless pace of development means data protection regulators need to be prepared for another scandal like Cambridge Analytica, says Wojciech Wiewiórowski, the EU's data watchdog. Wiewiórowski is the European data protection supervisor, and he is a powerful figure. His role is to hold the EU accountable for its own data protection practices, monitor the cutting edge of technology, and help coordinate enforcement around the union. I spoke with him about the lessons we should learn from the past decade in tech, and what Americans need to understand about the EU's data protection philosophy. Here's what he had to say.

The EU's police agency, Europol, will be forced to delete much of a vast store of personal data that it has been found to have amassed unlawfully by the bloc's data protection watchdog. The unprecedented finding from the European Data Protection Supervisor (EDPS) targets what privacy experts are calling a "big data ark" containing billions of points of information. Sensitive data in the ark has been drawn from crime reports, hacked from encrypted phone services and sampled from asylum seekers never involved in any crime. According to internal documents seen by the Guardian, Europol's cache contains at least 4 petabytes – equivalent to 3m CD-Roms or a fifth of the entire contents of the US Library of Congress. Data protection advocates say the volume of information held on Europol's systems amounts to mass surveillance and is a step on its road to becoming a European counterpart to the US National Security Agency (NSA), the organisation whose clandestine online spying was revealed by whistleblower Edward Snowden.

The man responsible for ensuring the EU's institutions stick to its data protection laws believes Europe isn't ready for facial recognition tech that watches people in public. European "society is not ready," European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski told POLITICO in an interview. The tech and its applications have divided Europe. The EU's proposed AI legislation bans most applications of remote biometric identification, such as facial recognition, in public places by law enforcement, but makes exceptions for fighting "serious" crime, which could include terrorism. Proponents of the technology, which include law enforcement and some security-minded governments, argue that the police need the technology to catch criminals.

EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)

The European Union's lead data protection supervisor has called for remote biometric surveillance in public places to be banned outright under incoming AI legislation. The European Data Protection Supervisor's (EDPS) intervention follows a proposal, put out by EU lawmakers on Wednesday, for a risk-based approach to regulating applications of artificial intelligence. The Commission's legislative proposal includes a partial ban on law enforcement's use of remote biometric surveillance technologies (such as facial recognition) in public places. But the text includes wide-ranging exceptions, and digital and humans rights groups were quick to warn over loopholes they argue will lead to a drastic erosion of EU citizens' fundamental rights. And last week a cross-party group of MEPs urged the Commission to screw its courage to the sticking place and outlaw the rights-hostile tech.