The Commission in November presented its “digital omnibus” plan as part of a bigger overhaul of data and AI laws that seeks to boost AI technology in Europe. It is one of (so far) 10 so-called omnibuses that aim to slash red tape and boost European competitiveness proposed by Ursula von der Leyen’s Commission.
The new document, dated Feb. 20, was prepared by the rotating presidency of the Council of the EU, currently held by Cyprus, and serves as a basis for national governments to negotiate a joint position on the privacy reforms.
The Cypriots took aim at a core change to the data protection rulebook: how the law defines personal data. If approved, the change would move troves of data out of the scope of privacy protections.
The revision sought to adapt the GDPR to a recent ruling by the EU’s top court (SRB v EDPS), which found that sometimes “pseudonymized” data, where a person’s details are obscured so they can’t be easily identified, could move it outside the strict privacy guardrails of the GDPR.
That would particularly benefit companies, including AI developers, which would be able to use pseudonymized data more freely as long as they can’t reasonably re-identify data subjects.
The changes have already triggered a backlash from European privacy regulators, which this month warned against amending the definition, and have split EU countries, which pushed back against the reform in early position papers.
But European tech and business lobby groups welcomed the Commission’s proposed reforms, applauding the EU executive for its efforts to unlock more data to fuel AI innovation.
EU countries will consider the text on Feb. 27 at a meeting of diplomats focused on the EU’s simplification efforts. In the European Parliament, lawmakers are working on a first position on the GDPR reforms.