The European Union is preparing to dial back certain provisions of the General Data Protection Regulation (GDPR), one of its most widely known and complex tech legislations, reports Politico
The intention is to lighten the regulatory load on businesses, particularly small and medium-sized enterprises (SMEs), and allow them to compete more effectively with those in the U.S., China, and elsewhere.
The European Commission will present a proposal in coming weeks to simplify the GDPR. It is a part of broader efforts led by Commission President Ursula von der Leyen to slash red tape and make EU regulation more pro-business.
The Commission has already put forward such simplification proposals in other areas like sustainability reporting and access to EU funds.
Struggling With Complexity
Since its launch in 2018, the GDPR has compelled companies to follow strict rules for processing personal data and managing user rights. Although it improved data protection measures, many companies have struggled to cope with the law’s complexity, the compliance costs, and the amount of paperwork involved.
Leaders like Denmark’s Digital Minister Caroline Stage Olsen argue that privacy is important but that the rules need to be more practical and easier to enforce. Even former Italian Prime Minister Mario Draghi attacked the GDPR and other EU tech laws as stifling innovation and hindering the economic development of Europe.
Danish Digital Minister Caroline Stage Olsen told reporters last week that there are many good things about GDPR and agreed that privacy is necessary. “But we don’t need to regulate in a stupid way. We need to make it easy for businesses and for companies to comply,” she added.
Justice Commissioner Michael McGrath stated that the review of the GDPR revealed that additional support for companies, especially SMEs, was required. A proposal to streamline is due on May 21, slightly later than initially planned.
Complaints From All Stakeholders
According to Dr Ilia Kolochenko, CEO at ImmuniWeb and a Follow at the British Computer Society (BCS), this isn’t unexpected. “I am not surprised by the looming overhaul of GDPR after almost seven years of complaints about it from all impacted stakeholders – including data subjects, data controllers and processors. In its current shape, GDPR creates more harm and hurdles than any palpable benefits.”
He says numerous research and reports, have found that most data subjects do not feel that their data is better protected. “While many experience the growing GDPR fatigue, such as omnipresent and annoying cookie banners, some of which require several clicks and scrolling to disappear. Worse, many unscrupulous organizations utilize Dark Patterns to mislead individuals and track them against their will, while still wasting their time with consent walls and irritating banners.”
Concurrently, Kolochenko says data breaches are surging, while national DPAs in the EU member states have pretty different enforcement priorities, and thus polices, creating inconsistent and uncertain enforcement of GDPR. Foreign companies are spooked by the EU’s GDPR, AI Act and DSA – just to name a few – and rather go to the US or UK, where the regulatory landscape is more friendly for businesses (but not less complicated). Therefore, the eventual revision of the GDPR is certainly needed and will likely make EU countries more attractive for businesses, while better safeguarding our personal data in practice.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.