The EU seems far from finished with the debate surrounding the simplification of the General Data Protection Regulation (GDPR). A working document from the Committee of Permanent Representatives of the Member States (Coreper), dated 14 November, in which the Danish Presidency of the Council summarises several months of discussions, shows that, while some Member States are pushing for a very targeted revision of the regulation, many remain wary of the idea of any change. Some of the proposals are also partly in line with the adjustments presented by the Commission on 19 November in its proposal to simplify (‘omnibus’) digital legislation (see EUROPE 13755/4).
The document reflects the conclusions of two political discussions, held in July and October last year. Key points: a general desire not to touch the core principles of the GDPR and to avoid at all costs a complete reopening of the Regulation, but an “openness” to the possibility of considering “targeted amendments to the GDPR based on practical evidence”.
Notoriously in favour of further simplifying the European legislative framework, the Danish Presidency of the Council considers that, in the light of the discussions held, “it remains possible to alleviate the administrative and regulatory burden it imposes (...) through a combination of clear, practical guidance (...), the further integration of a risk-based approach and possibly through limited, targeted legislative refinements”.
However, not all delegations agree on the degree of modification to be made to the text. The majority of Member States are in favour of the Commission providing guidance and guidelines, ensuring a harmonised interpretation of the principles of the GDPR, offering direct assistance to businesses and clarifying the relationship between the Regulation and other legislation.
But the EU27 are divided on the question of direct adjustments to the Regulation. There are three opposing groups: the first are reluctant, arguing that such changes would have an impact on the level of protection afforded to European data.
A second group indicated its willingness “to consider future proposals depending on the accompanying justifications”. Finally, a third group of countries, more inclined to amend the text, suggested concrete proposals “for limited and targeted amendments”.
These changes include the exemption from reporting for data processing that is not considered to be “low-risk”, the clarification of certain definitions, in particular for Article 9 on the processing of sensitive data, and the articulation between pseudonymisation of data and complete anonymisation (see EUROPE 13702/24).
The digital simplification package presented by the Commission on 19 November proposes a number of adjustments to Articles 4 and 9 of the GDPR, incorporates exemptions for artificial intelligence and adds other measures on the right of access to data and the extension of the deadline for notification of breaches.
These proposals promise to be the subject of heated debate as the legislative process continues. A number of countries, including Slovenia, Estonia and Austria, have already indicated that, in their view, the GDPR “does not require any further amendment at this time” (see EUROPE 13750/21).
See the document: https://aeur.eu/f/jk6 (Original version in French by Isalia Stieffatre)