Europe has long been a global leader when it comes to regulating Big Tech, but it is now considering making changes that would weaken its landmark privacy legislation, the General Data Protection Regulation, also known as GDPR.
In a move designed to unlock access to data essential to AI across the region, the European Commission on Wednesday published proposals for a «digital simplification strategy.» These proposals include rolling back some GDPR protections, including simplifying cookie permission pop-ups and delaying the introduction of AI regulation.
Europe introduced the GDPR in 2018. It was designed to give European citizens more knowledge, control and power over who was able to access and use their personal data. The regulation went on to inform the development of similar laws elsewhere in the world, including privacy legislation in California.
Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
The EU was ahead of the curve when it came to regulating technology, but at the same time no serious competitors have emerged from within Europe to rival the AI companies out of the US and China. The bloc has been under pressure from American technology companies and the Trump administration to lessen the regulatory burdens they face in the region.
In the US, the White House has been pushing hard for unfettered development of artificial intelligence technologies. Over the summer it unveiled a national AI Action Plan, which among other things called for the removal of red tape and «onerous regulation.»
In a press release, the executive vice president of the European Commission for technological sovereignty, Henna Virkkunen, called the proposed changes to the GDPR «a face-lift with targeted amendments…that reflect how technology has evolved.» The aim of the measures, she added, is to encourage AI development.
An «attack» on European rights?
As the Commission noted in its proposal on Wednesday, member states consider the GDPR to be an effective and balanced piece of legislation. It’s framing the proposed changes as being a way to «harmonise, clarify and simplify» the application of the regulation.
European privacy campaigners see it differently. «This is the biggest attack on European’s digital rights in years,» said Austrian privacy campaigner Max Schrems, who is best known for taking legal action against Meta (aka Facebook) over privacy violations. «When the Commission states that it ‘maintains the highest standards’, it clearly is incorrect. It proposes to undermine these standards.»
Some campaigners are worried that the proposed changes to GDPR are a sign that the EU is kowtowing to Big Tech. It’s unlikely that the changes would allow Europe to begin challenging the dominance of the US and China when it comes to AI, said Johnny Ryan, director of the Enforce unit at the Irish Council for Civil Liberties.
«Today’s proposal from European Commission to revise the GDPR will entrench the dominance of US and Chinese digital giants, and harm European startups and [small to medium businesses],» he said. «Europe’s problem is not that it has too many rules for data and AI, but that it hypes those rules and then neglects to enforce them.»
According to Schrems, the proposed reform of the GDPR seems primarily designed to remove obstacles that could prevent AI companies from using personal data for AI.
«Artificial intelligence may be one of the most impactful and dangerous technologies for our democracy and society,» he said. «Nevertheless, the narrative of an ‘AI race’ has led politicians to even throw protections out of the window that should have exactly protected us from having all our data go into a big opaque algorithm.»