The EU's Digital Omnibus: next stop, your privacy
The European Commission is currently working on a directive called the “digital omnibus”. Nothing to do with public transport, these ”omnibuses” are just a way of bundling a bunch of changes to multiple laws in one go (and can also be a sneaky way of avoiding too many checks).
The official goal of this directive is to simplify digital regulations and make European businesses more competitive. Sounds reasonable, right?
But, when you take a closer look, “simplify” starts to look like “dismantle”.
Let’s take the GDPR. Today, you can write to any company and ask them what data they have on you and who they’ve shared it with. They have one month to respond.
Under these new proposed rules, that company could simply respond “no, your request is excessive”. Basically being the judge in their own case.
Or let’s take the definition of personal data. Today, it’s objective: it’s anything that can be linked to a real person.
Under this new directive, it would become subjective: as long as a company holds your data under a pseudonym (like a string of numbers instead of your name) and claims it can’t ID you from it, they can claim it’s not personal and the GDPR doesn’t apply.
Anyone who knows anything about data knows that pseudonymisation is relatively easy to work around.
Then there’s good old AI. New exceptions in the law would allow companies to use sensitive personal data (health, political opinion, religion, union membership, …) to train their AI models – with much lighter obligations.
The Commission says this will help European companies compete in the market. But if you loosen rules in a market that’s over-dominated by American big tech, who do you think will benefit the most? It probably won’t be that local European startup.
The GDPR has plenty of faults, the biggest one being they don’t enforce it. But the answer to poor enforcement isn’t relaxing the rules, it’s doing the actual enforcement!
Negotiations are ongoing, but this is worth keeping an eye on. If you depend on tools from US big tech, relaxation of the rules might end with more personal data flowing from your organisation across the Atlantic.
Or… you could be proactive and move to European privacy-focused tools now. Just in case the NGOs, civil society groups, and privacy advocates currently fighting the rule don’t succeed.
Colin