Civil Society, Industry Squabble Over Need for Privacy Regulation
Europe's public interest and digital sectors dueled over the European Commission's plans to reduce regulatory burdens, including the General Data Protection Regulation (GDPR), in documents published Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The EU risks a "race to the bottom" in its push to cut regulations, said 470 civil society, public interest and trade union groups in a statement to the commission.
However, in a separate policy brief, the European Centre for International Political Economy (ECIPE) countered, "Red tape is weighing down Europe's productivity engine." ECIPE said it's funded entirely by voluntary contributions from private foundations and corporations.
EC "simplification" efforts really mean deregulation, the civil society groups said. Its "insistence that this is about removing 'superfluous red tape' is not backed up by reality."
One of many areas of concern is digital privacy, they said.
For instance, a decade of digital rights progress could be undone by reopening the GDPR, the statement said. Further attacks on rights-based rules such as the AI Act and the planned Digital Package "could undermine rules that protect all our digital lives against AI harms and surveillance from state and corporate actors."
Among other recommendations, the groups urged the EU to pass stronger privacy and data protection laws and enable enactment and enforcement of laws that safeguard rights, justice and public interests. The EU should give law enforcement authorities more resources and issue guidance and support for digital rules, they added.
The EC floated changes to the GDPR in May (see 2505210007). These would involve exempting small and midsized enterprises and small midcap companies from some GDPR recordkeeping requirements.
In addition to the omnibus package that includes GDPR modifications, the Digital Package, expected on Dec. 10, will also contain some proposals on the regulation, European Digital Rights Head of Policy Ella Jakubowska emailed us. EDRi is one of the co-signers of the statement.
All the EC has mentioned publicly about the Digital Package is some sort of "alignment" between the GDPR and Network and Information Security Directive 2 in terms of incident and data breach reporting, "which could potentially be significant for personal data and other human rights as it is," Jakubowska said.
But, she added, the EC has directly told EDRi that "everything is on the table" for the package, "so we expect that they might go further."
The ECIPE paper argued that restrictive rules such as the GDPR can slow digital innovation, uptake and infracture development while more open regulatory approaches enable wide adoption, boost the digital economy and help spread new technologies better.
At the EU level, regulation affects firms' ability to build up digital assets such as data and adopt new technologies, ECIPE said. The GDPR "restricts data collection and storage," the Digital Markets Act and Digital Services Act limit market access, and the AI Act "sets conditions that may constrain product development."
"Evidence shows a negative correlation between digital and non-digital regulatory barriers and the uptake of digital technologies across the EU," said ECIPE, urging policymakers to "take a step back and re-evaluate digital regulation, particularly the provisions with the greatest negative economic impact."