A recent study by the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO) on the digital simplification package (‘omnibus’ legislation - see EUROPE 13755/3) lends credence to the theory that European digital legislation is being deregulated. The analysis published on 24 February confirms that the changes introduced by the European Commission tend to weaken European standards in terms of data protection and the supervision of artificial intelligence (AI).
With regard to the General Data Protection Regulation (GDPR), the study details that the modification of the notion of ‘personal data’ (see EUROPE 13756/20) and ‘pseudonymised data’ could reduce the scope of the regulation and thus weaken the safeguards against the use of such data to train AI models.
The study also points out that the broadening of the use of “legitimate interest” as a legal basis and the increased restrictions on the right of access to data are all adjustments that shift the balance of the text in favour of economic players to the detriment of individuals.
As far as the AI Act is concerned, the abolition of fixed dates for the application of obligations for high-risk AI systems in favour of a mechanism subject to the adoption of technical standards, guidelines etc. (see EUROPE 13807/5) could, according to the study, lead to prolonged legal uncertainty and weaken the effective scope of the framework.
In conclusion, the researchers believe that, far from a simple administrative clean-up, the digital ‘omnibus’ redraws the structural elements of the two texts, sometimes dangerously so. Critics see this as less of a simplification than an attempt at deregulation under the guise of competitiveness (see EUROPE 13806/17).
See the study: https://aeur.eu/f/l05 (Original version in French by Isalia Stieffatre)