GDPR Reform: What Should It Achieve?
It looks like GDPR reform, touching both its enforcement and its substantive rules, may be happening. I only hope that it will not be a wasted effort. In March, the EU Justice Commissioner announced that the EU Commission’s “simplification” agenda will involve reducing GDPR compliance burdens for smaller organisations. Moreover, Axel Voss, a prominent Member of the European Parliament from the dominant EPP faction called for a reform in the similar direction. Apparently, the privacy activist Max Schrems joined Voss’ call, though I assume with reservations and for different reasons. My regular readers won’t be surprised that I welcome the idea of GDPR reform, as I’ve been writing about GDPR’s problems and the need for change, most recently in A serious target for improving EU regulation: GDPR enforcement. However, even though we don’t know much about the various March proposals, what has been released causes me to worry that they are missing the biggest issue with the GDPR: its imbalanced, privacy-absolutist enforcement framework. In this text, I will briefly summarise what we know about the new proposals and what I think is missing in them.