After two years GDPR’s flaws show why EU should avoid additional rules
In response to the European Commission (EC)’s two-year review of the General Data Protection Regulation (GDPR), the Centre for Data Innovation released a statement from Brussels-based senior policy analyst, Eline Chivot.
She says, “Two years after coming into force, the GDPR has failed to live up to its promise. Instead of serving as a gold standard data regulation for the world to emulate, it has proven to be a complicated, burdensome drain on Europe’s digital economy. The two-year review shines an unflattering light on many of these shortcomings, yet the Commission seems determined to double down by layering on even more rules. Make no mistake: That would come at the cost of EU’s economic competitiveness in the years ahead.
“The Commission’s review exposes myriad challenges to implementing the GDPR. For example, many data protection authorities lack resources and staff. They diverge in their interpretations of the law, they are inconsistent in enforcing it, and they provide insufficient guidance, so companies are left to struggle with a lack of clarity on issues such as pseudonymisation, anonymisation, and how to process health data.”
Eline Chivot adds, “It is gratifying that the Commission finally concedes to concerns stakeholders have expressed over the lack of clarity and applicability of GDPR principles with respect to new technologies such as AI, especially for smaller firms. Yet the Commission still plans to adopt new rules, such as a complicated AI regulatory framework and an expansion of the right to data portability. This risks adding new layers of bureaucracy and compliance costs that would duplicate or overlap with the GDPR.
“The Commission continues to assert that the GDPR has created tremendous advantages for businesses and users, despite its compliance costs. But this is a selective reading of the evidence that overlooks the damaging impact it has had on innovation. It also dismisses the fact that the Commission itself has found that European consumer trust in the Internet has plunged.” She concludes, “Policymakers should fix the GDPR’s many shortcomings before creating even more rules for innovative new technologies. Otherwise, the EU will tie the hands of companies that could help its economy compete in the global economy.”
The author is Eline Chivot, senior policy analyst of Centre for Data Innovation.