New European Commission confirmed: our takeaways on what to expect

New European Commission with returning President Ursula von der Leyen confirmed

After several weeks of political horse-trading and eleventh-hour bargaining by Europe’s biggest political families, the new European Commission has formally taken up their five-year office.

This “college of Commissioners,” made up of 26 Commissioners and returning President Ursula von der Leyen, is one of the European Union’s most powerful bodies. In most cases, it is the only EU institution that can propose new laws, giving these Commissioners a massive agenda-setting role.

Prior to being confirmed, the would-be Commissioners had to face Members of the European Parliament (MEPs) to field questions about their skills and experiences. Whilst the MEPs mostly gave the nominees a pretty easy time, these hearings nevertheless give us some insights into what’s on the Commission’s agenda for the next 5 years.

Most relevant takeaways for digital rights:

We followed the live-streamed hearings of the three Commissioners we think will be the most influential at the intersection of digital, data and fundamental rights for the next five years:

• Finland’s Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, has one of the biggest roles, spanning digital services, cybersecurity, defense and more. Find our hot takes on Mastodon and Twitter;
• Austria’s Magnus Brunner, Commissioner for Home Affairs, takes over a portfolio which includes border and migration tech and databases, and all things relating to police and data, including encryption, surveillance and chat control. Our hot takes on Mastodon and Twitter;;
• Ireland’s Michael McGrath, Commissioner for Democracy, Justice, and the Rule of Law, will be responsible for all things data protection, as well as the new Digital Fairness Act, among others. See our Mastodon and Twitter hot takes.

Here’s what we learned:

1. Data Protection: a mixed set of responsesWhilst Virkkunen took aim at “red tape” and resurrected tired narratives such as blaming rules like the General Data Protection Regulation (GDPR) for stifling European innovation, McGrath praised the EU’s data protection rulebook. He told MEPs clearly and firmly that the GDPR has been a “success” which has contributed to – not hindered – “fostering and supporting innovation” in the EU.

   This may prove to be one of the battle royales of the 2024-2029 Commission. Industry and many conservative lawmakers have been pushing against the GDPR since its inception, aiming to water down this important law. While many Commissioners acknowledged the importance of protecting people’s data, the digital rights field will need to be vocal against these attacks on our basic human rights.

2. Digital deregulation: a big threat to recent digital rulesIt wasn’t just the GDPR that was in the crosshairs of Virkkunen. Her criticism of the EU’s “digital rules” for being what she called an “admin burden” raises concerns for the enforcement of key laws like the Digital Services Act (DSA), Digital Markets Act (DMA) and Artificial Intelligence (AI) Act.

   Even McGrath said that a key focus of his would be “reducing admin burden for businesses”, a worrying focus for the Commissioner responsible for justice and rights issues. This entire framing of regulation as a burden – as well as claims by Virkkunen that AI is the solution – leave us worried about how this Commission could roll back on important rules from the last decade.

3. State surveillance: encryption and personal data still under attackThe future of the stalled CSA Regulation – also known as ‘chat control’ – was raised by two MEPs. Brunner’s responses were ambivalent: on the one hand, he stated the importance of this law. On the other, he called for a “balanced” approach – a big change from his predecessor.

   Whilst this doesn’t tell us much, he did seem to compliment the Parliament on their position. Could this have been a subtle nod towards the Parliament’s efforts to protect encryption and rule out generalised surveillance of private messages? We hope so – but whilst Virkkunen highlighted the importance of Europe’s cybersecurity, she avoided a question on the protection of encryption, failing to provide what could have been vital reassurance.

   Brunner also made several worrying comments on surveillance issues: he mentioned cracking down on online anonymity; made several references to having to choose between safety/protection or privacy – a false dichotomy; and charted out plans for expansions of Europol and Frontex powers and biometric data processing without increased oversight.

4. Good administration: not so good after allThe hearing of Brunner, in particular, rang alarm bells for transparency and good administration. Despite being pressed by MEPs, Brunner declined to promise that all legislative proposals that he puts forward would be accompanies by an Impact Assessment – despite this being a requirement of the Commission’s own good regulation guidelines.

   Virkkunen also promised transparency in the implementation and enforcement of key digital laws like the AI Act, but with the process so far being notoriously opaque intransparent, it’s hard to count on this.

   Another key area of concern from the hearing of Virkkunen was that she presented the solution to administrative burdens, productivity concerns and other administration issues as simply being the use of AI.

   A small concession was the promise from McGrath that he would engage meaningfully with civil society organisations and people “on the ground”. He committed to launching infringement procedures wherever needed to tackle breaches of the Charter of Fundamental Rights. And he promised to use the full “toolbox” at his disposal to protect rights across the bloc.

   Time will tell how he does – particularly in the face of colleagues who seem to be committing to the opposite. But these are nevertheless important commitments to maintaining and upholding the rule of law and ensuring meaningful democratic participation.

5. Missed opportunities: the since spoke volumesThere were several topics where the lack of attention and interest said more than words could, such as:

• Spyware: Whilst McGrath committed to prioritising the safety of journalists, the topic of spyware – one of the biggest threats to European democracy that he is entrusted to protect – was absent;
• Commercial surveillance (aka surveillance ads): Whilst several Commissioners promised a strong future “Digital Fairness Act” to counter various forms of online manipulation, they stopped short of recognising the need to also tackle to toxic Big Tech business models that underpin and perpetuate many online harms;
• Climate justice: Virkkunen’s references to the climate crisis were limited to classic technosolutionism, and included bizarre claims that the cloud is energy efficient;
• Data retention: the Commission has made it clear that a new data retention law is coming. But Commissioner McGrath dodged a question from MEPs about how he would ensure protections for privacy and personal data;
• Open source tech: whilst Virkkunen stated that supporting open source tech is important, she glossed over the Commission’s recent massive funding cuts to open source programmes.

Whilst we got silence from the Commissioners when we wanted answers, many MEPs were loud when we would have wanted them to stay quiet. Distressingly, we saw far-right ideologies on full display, including attacks on minoritised communities, racist and xenophobic rhetoric, sexist remarks and attempts to delegitimise civil society organisations.

The fight for digital rights continues

This was a sobering reminder that digital rights sit within a broader set of power structures. Fighting for everyone’s rights will mean we must continue recognising that digital threats are not distributed evenly, and we must work with those communities who are most at risk. Ensuring digital justice will require us to explicitly reject hatred, fear-mongering and exclusion, as well as standing firm against techno-solutionism, mass surveillance and attacks on privacy.