EU to Propose Changes to GDPR Regulation in Upcoming Weeks
The European Commission is set to present a proposal to ease General Data Protection Regulation requirements amid ongoing regulatory reform efforts.
BRUSSELS — The European Union is preparing to implement significant changes to its General Data Protection Regulation (GDPR), one of the continent's most notable digital legislations.
The proposal, focused on simplifying the GDPR, is anticipated to be announced by the European Commission in the coming weeks.
This initiative forms part of a broader regulatory reform agenda under the leadership of Commission President Ursula von der Leyen, aimed at enhancing the competitiveness of European businesses against their counterparts in the United States, China, and beyond.
The European Commission has already introduced measures to simplify corporate reporting on environmental matters and improve access to EU investments.
The objective is to minimize the time and financial burden that companies face due to complex legal and regulatory frameworks established by European law.
Since its introduction in 2018, the GDPR has been deemed highly intricate, especially by the tech sector, as it mandates stringent requirements for data management and the processing of rights related to personal data.
The regulation triggered a considerable influx of consent requests as businesses scrambled to comply with its mandates.
Now, seven years later, Brussels is poised to reduce the regulatory load associated with this landmark privacy law.
Danish Minister for Digitalisation, Caroline Stage Olsen, emphasized the necessity of balancing privacy protection with practical compliance for businesses.
She stated, "There are many good aspects to the GDPR, and privacy protection is indeed necessary.
However, we must avoid unnecessary regulation that complicates compliance for companies."
Criticism of the GDPR aligns with sentiments expressed by former Italian Prime Minister Mario Draghi, who, in a report last September, warned that overly complex laws hindered the EU's economic growth compared to the US and China.
Draghi argued that the EU's regulatory approach towards tech companies impairs innovation, highlighting concerns regarding both AI regulation and the GDPR itself.
Small businesses, in particular, have voiced grievances about the extensive documentation and compliance requirements imposed by the GDPR.
Justice Commissioner Michael McGrath remarked that the recent assessment of the GDPR highlighted an increased need for support, particularly for small and medium enterprises (SMEs) in their compliance efforts.
While McGrath confirmed that a proposal to simplify the GDPR is on the agenda for the upcoming weeks, the Commission's original deadline for agreement on a simplification package slated for April 16 has been pushed back to May 21. An anonymous source within the Commission indicated that this date was merely indicative and that the specific inclusion of GDPR in the simplification package had not yet been finalized.
Nonetheless, efforts are underway to ensure that the proposal is released by June.
The Commission has previously indicated that the plan for simplification will focus on reporting rules for organizations with fewer than 500 employees but will not undermine the core objectives of the GDPR.
Potential adjustments may involve reducing requirements related to records of data processing activities or reforming how companies conduct data protection impact assessments—requirements often regarded as overly burdensome for smaller firms.
Upon its enactment in 2018, the GDPR was hailed as a landmark legislation that set an international standard for personal data protection.
The intense negotiations surrounding the text catalyzed one of the largest lobbying efforts in Brussels' history, with tech companies investing millions to influence its wording.
The proposal underwent over 3,000 amendments in the European Parliament, marking a record for legislative revisions.
The upcoming revision to the GDPR is expected to incite significant lobbying efforts from both major tech companies and data protection advocates, representing two potent forces within public affairs in Brussels.
Some observers warn that reconsiderations of the GDPR could lead to a rollback under lobbying pressure.
Itxaso Domínguez de Olazábal, a policy advisor with the digital rights advocacy group EDRi, expressed concern over potential risks associated with re-opening discussions on the GDPR, regardless of the perceived goodwill behind such proposals.
The EU is concurrently working to finalize new procedural regulations that will enable regulators to coordinate on significant GDPR-related cases.
Data protection activist Max Schrems stated that while the GDPR remains a prime target for lobbyists, its core principles are unlikely to be easily dismantled, given that data protection is enshrined in the EU Charter of Fundamental Rights as an inalienable freedom.
Schrems concluded that significant alterations to these foundational elements would not withstand judicial scrutiny, reiterating that lobbyists might not achieve their objectives by targeting the GDPR.
The proposal, focused on simplifying the GDPR, is anticipated to be announced by the European Commission in the coming weeks.
This initiative forms part of a broader regulatory reform agenda under the leadership of Commission President Ursula von der Leyen, aimed at enhancing the competitiveness of European businesses against their counterparts in the United States, China, and beyond.
The European Commission has already introduced measures to simplify corporate reporting on environmental matters and improve access to EU investments.
The objective is to minimize the time and financial burden that companies face due to complex legal and regulatory frameworks established by European law.
Since its introduction in 2018, the GDPR has been deemed highly intricate, especially by the tech sector, as it mandates stringent requirements for data management and the processing of rights related to personal data.
The regulation triggered a considerable influx of consent requests as businesses scrambled to comply with its mandates.
Now, seven years later, Brussels is poised to reduce the regulatory load associated with this landmark privacy law.
Danish Minister for Digitalisation, Caroline Stage Olsen, emphasized the necessity of balancing privacy protection with practical compliance for businesses.
She stated, "There are many good aspects to the GDPR, and privacy protection is indeed necessary.
However, we must avoid unnecessary regulation that complicates compliance for companies."
Criticism of the GDPR aligns with sentiments expressed by former Italian Prime Minister Mario Draghi, who, in a report last September, warned that overly complex laws hindered the EU's economic growth compared to the US and China.
Draghi argued that the EU's regulatory approach towards tech companies impairs innovation, highlighting concerns regarding both AI regulation and the GDPR itself.
Small businesses, in particular, have voiced grievances about the extensive documentation and compliance requirements imposed by the GDPR.
Justice Commissioner Michael McGrath remarked that the recent assessment of the GDPR highlighted an increased need for support, particularly for small and medium enterprises (SMEs) in their compliance efforts.
While McGrath confirmed that a proposal to simplify the GDPR is on the agenda for the upcoming weeks, the Commission's original deadline for agreement on a simplification package slated for April 16 has been pushed back to May 21. An anonymous source within the Commission indicated that this date was merely indicative and that the specific inclusion of GDPR in the simplification package had not yet been finalized.
Nonetheless, efforts are underway to ensure that the proposal is released by June.
The Commission has previously indicated that the plan for simplification will focus on reporting rules for organizations with fewer than 500 employees but will not undermine the core objectives of the GDPR.
Potential adjustments may involve reducing requirements related to records of data processing activities or reforming how companies conduct data protection impact assessments—requirements often regarded as overly burdensome for smaller firms.
Upon its enactment in 2018, the GDPR was hailed as a landmark legislation that set an international standard for personal data protection.
The intense negotiations surrounding the text catalyzed one of the largest lobbying efforts in Brussels' history, with tech companies investing millions to influence its wording.
The proposal underwent over 3,000 amendments in the European Parliament, marking a record for legislative revisions.
The upcoming revision to the GDPR is expected to incite significant lobbying efforts from both major tech companies and data protection advocates, representing two potent forces within public affairs in Brussels.
Some observers warn that reconsiderations of the GDPR could lead to a rollback under lobbying pressure.
Itxaso Domínguez de Olazábal, a policy advisor with the digital rights advocacy group EDRi, expressed concern over potential risks associated with re-opening discussions on the GDPR, regardless of the perceived goodwill behind such proposals.
The EU is concurrently working to finalize new procedural regulations that will enable regulators to coordinate on significant GDPR-related cases.
Data protection activist Max Schrems stated that while the GDPR remains a prime target for lobbyists, its core principles are unlikely to be easily dismantled, given that data protection is enshrined in the EU Charter of Fundamental Rights as an inalienable freedom.
Schrems concluded that significant alterations to these foundational elements would not withstand judicial scrutiny, reiterating that lobbyists might not achieve their objectives by targeting the GDPR.
