Meeting in Copenhagen on Wednesday 23 July, the ministers and representatives of the justice ministers of the EU27 discussed the competitiveness of European businesses and the simplification of legislation.
To this end, and while the Commission is planning a new simplification package in the digital field by the end of the year, the Danish minister, Peter Hummelgaard, chose to focus discussions on simplifying the EU’s General Data Protection Regulation (GDPR) which, in his view, has proved very burdensome in terms of administrative burdens for businesses.
At the end of the meeting, the Danish minister explained that the ministers had been able to “identify areas” where the regulations appeared to be particularly burdensome. He cited the case of a company doing surveys and the excessive amount of time it takes to comply with all the criteria in the regulations. Time that also costs money “and doesn’t allow them to invest or develop new ideas”, he said.
Alongside him, the European Commissioner for Justice, Michael McGrath, found the exercise very useful in gaining an idea of the expectations of the Member States. Last week, he also held hearings with the main stakeholders, including companies, regulators and NGOs. And “to be fair, there has been no significant call for a broad reopening” of the GDPR, he explained. The discussions showed that the Member States and stakeholders consider the GDPR to be a regulation of global standards, underpinning key decisions, in particular the decisions on adequacy with the rest of the world.
“Many stakeholders last week, and indeed some Member States today, made it clear they didn’t want to see any reopening. But other stakeholders and some Member States did make the case for targeted amendments to the GDPR. But I think what was consistent across last week and today was that both stakeholders and Member States underlined the need for more consistent and practical guidelines and increased stakeholder engagement from the national data protection authorities and the European Data Protection Board”.
One strong message heard “related to the need to ensure more consistent application of the GDPR rules across Member States to facilitate compliance, for example through the use of codes of conduct; businesses present at the dialogue last week also emphasised that many of them have invested heavily in GDPR compliance and expressed concerns about the reopening”, the Commissioner replied to Agence Europe. “This could create uncertainty contrary to the very aim of simplification itself”, he added.
There were also strong calls to “ensure that any overlapping with other parts of the EU digital rulebook are ironed out and clarified as well”.
In May, the Commission had already proposed targeted amendments to the GDPR (see EUROPE 13645/2) as part of the communication on medium-sized companies, which will no longer be obliged to keep a register of personal data processing activities.
According to one source, the national delegations were fairly broadly supportive of these May amendments, but showed no appetite for radical changes to the GDPR, with Member States opting instead for improvements through guidelines or a specific type of support.
One delegation also stressed the need not to sacrifice this text in the current geopolitical context, particularly in the context of trade tensions with the United States.
In its discussion paper, the Danish Presidency of the Council of the EU cited the ‘Draghi’ report in particular, arguing that the EU’s regulatory stance towards tech companies is holding back innovation and that the limitations imposed on data storage and processing are leading to high compliance costs. (Original version in French by Solenn Paulic)