In the midst of its second year, the GDPR's imperfections highlight the EU's need to steer clear of further regulations.
The General Data Protection Regulation (GDPR), which has been in force for two years, has been a subject of debate within the European Commission. A two-year review of the GDPR has highlighted many of its shortcomings, with some policymakers urging to fix these issues before creating more rules for innovative new technologies.
The European Commission plans to introduce a complex AI regulatory framework and an expansion of the right to data portability following the review. However, these new rules risk adding new layers of bureaucracy and compliance costs, potentially tying the hands of companies that could help the EU economy compete in the global market.
The Commission asserts that the GDPR has created advantages for businesses and users, but this overlooks its damaging impact on innovation. The implementation of the GDPR is facing challenges, such as a lack of resources and staff at data protection authorities. Enforcement of the GDPR is inconsistent among authorities, and guidance provided on issues like pseudonymization, anonymization, and health data processing is insufficient.
These issues have led to a divergence in interpretations of the GDPR's law among data protection authorities, contributing to a decline in European consumer trust in the Internet. The GDPR has not lived up to its initial promise as a gold standard data regulation.
The Center for Data Innovation has released a statement about the GDPR's performance, echoing these concerns. The Commission is considering adding more rules to the GDPR, but some argue that it is crucial to address the existing shortcomings first.
In a bid to improve the situation, the Commission is also planning to expand the right to data portability. This move is intended to give individuals more control over their personal data and facilitate data transfers between services.
Amidst these developments, the Commission also plans to adopt a new AI regulatory framework. The concern is that these new rules could duplicate or overlap with the GDPR, further complicating matters for businesses operating within the EU.
As the European Commission navigates these challenges, it is clear that addressing the shortcomings of the GDPR and striking a balance between data protection and innovation will be key to maintaining trust and fostering growth in the digital economy.
