EU Commission opposes revising GDPR, instead focusing on enforcement

[ad_1]

Contents

The battle for artificial intelligence EU Commission’s GDPR review finds enforcement issues court Solution Read more by Euractiv

The European Commission is not planning to reopen the General Data Protection Regulation (GDPR) and is instead focusing on enforcement as privacy issues in the age of artificial intelligence become increasingly contentious.

The GDPR sets standards for how personal data is processed in the European Union.

The European Commission does not plan to revisit data protection regulations before its next report, due in 2028, a spokesman told Euractiv. GDPR application latest reportThe report, released in late July, pointed to enforcement issues.

It was a familiar story: The first report also found problems with law enforcement, contribute The European Commission proposed the GDPR Enforcement Procedure Regulation in 2023, and EU lawmakers It’s been working since then.

Although the report did not make any changes to the GDPR, the Council and Parliament Indeed took a stand Negotiations on the rules of procedure are ongoing and inter-institutional negotiations are expected to begin in the coming months.

The Commission’s decision to prioritise GDPR enforcement has been welcomed by left-wing members of the European Parliament (MEPs), who fear that failing to do so could undermine privacy and security standards.

However, Axel Voss (European People’s Party, Germany), MEP and rapporteur of the European Parliament’s Legal Affairs Committee (JURI) on the AI Act, believes that urgent action is needed because the rise of artificial intelligence (AI) requires a change in the spirit of the law.

The European Commission and left-wing MEPs align with the position of the tech lobby group Digital Europe Previously commented on possible GDPR review.

“We need discussions at the level of the Member States and between the federal states (in Germany) for a better and more coordinated implementation of the GDPR,” Sergey Lagodinsky (Green Party/European Free Alliance Germany), former rapporteur of the GDPR implementation procedure report, told Euractiv.

The battle for artificial intelligence

The ePrivacy Directive rapporteur, MEP Birgit Sippel (German Social Democratic Party), told Euractiv that it is particularly important to implement the current version of the GDPR if the EU wants to ensure that its companies have access to high-quality data to train AI models.

Sippel highlighted racial bias in data sets as an example of how this could reduce the effectiveness of an AI model that looks for cancerous skin diseases.

On the other hand, Voss told EuroDynamics that acquiring and processing large amounts of high-quality data is key to “non-discriminatory or gender-balanced AI models.”

He believes that there is a need to review the GDPR to promote innovation in the current rapidly changing digital environment.

“I would change the entire structure of the GDPR from ‘nothing is allowed’ to ‘everything is allowed’, provided that the privacy of citizens is not violated,” Voss said.

The European Commission found serious implementation problems with the General Data Protection Regulation (GDPR) in a report published on Thursday (July 25) and called for clearer guidelines to strengthen data protection in member states.

court

The legality of using personal data to train AI is currently being challenged in court and complaints have been received by data protection authorities.

The GDPR provides for several legal bases for processing personal data. In practice, these usually come down to legitimate interests, performance of a contract, or user consent.

Meta, the parent company of Facebook and Instagram, has lost a court case over the legality of processing EU personal data. To have Meta switch the legal basis for its processing In November 2023, the transition from a contract performance model to user consent will take place.

In addition, Meta cited legitimate interests (which have various legal interpretations) as the legality of using personal data for AI Being questioned Released in June by digital rights NGO Noyb. Meta stop Its plans for artificial intelligence in Europe.

Solution

Voss said that because the GDPR is not lenient enough in terms of handling user data, EU lawmakers had to create a “regulatory sandbox” to allow AI companies to test new ideas on a small scale under the supervision of regulators.

He said this placed an undue burden on AI companies and prevented EU firms from developing at the pace needed to compete on the world stage.

However, Lagodinsky noted that new regulations allow the use of personal data for AI training while ensuring data privacy, such as the Data Law, which provides a way to anonymize personal data.

He said the Data Governance Act establishes a market structure that facilitates the aggregation and trading of data. He said the laws are consistent with the Data Governance Policy and are effective in addressing the challenges posed by the rise of artificial intelligence.

“In the coming years, we should adhere to the core principles of GDPR in the wave of artificial intelligence,” Lagodinsky added, pointing to privacy and security.

“There are too many forces within the European Parliament and the Council of the European Union that want to attack privacy requirements in the name of security, and too many market players that want to reduce the level of protection within the GDPR,” Lagodinsky said.

One Green Party insider, who asked not to be named, said reopening the GDPR could be used by “far-right groups seeking to abuse the amendment to create a legitimate legal basis for police forces to hack into EU citizens’ devices for so-called security reasons”.