Axel Voss, one of the original authors of the General Data Protection Regulation (GDPR), told the FT that Europe’s data protection laws are already out of date and must be heavily revised for a post-pandemic world.
GDPR needs “some type of surgery” less than three years after it came into force, and ahead of a vote by the parliament to celebrate it as a “gold standard for the world”.
Voss said GDPR needed to be revised to take into account not only the widespread move to homeworking, but also the emergence of a host of new technologies.
“We have to be aware that GDPR is not made for blockchain, facial or voice recognition, text and data mining [ . . . ] artificial intelligence,” said the German MEP. “The digital world is about innovation. We cannot stick with principles established in the 80s that do not reflect the new situation we are living in.”
He added that, if enforced to the letter, it represented a minefield for people working outside their offices and using software that authenticates them for a host of services with a single login.
“If you have a home office situation and you’re dealing with personal data, you are left alone with numerous legal obligations that are difficult to understand. What are the requirements for dealing with data protection in a private home?”
He said his view, that the rules needed to be revised “in a very detailed way”, was shared by his political group in the parliament, the European People’s party (EPP), a coalition that includes German chancellor Angela Merkel in its ranks.
But Sophie in’t Veld, a Dutch MEP who was also involved in drafting GDPR, said the law remained fit for purpose. “Is a law ever perfect for every individual and union? No, of course not.”
“But we worked on this piece of legislation for five years and we have prepared it better than any other legislation. We spoke to hundreds of companies, academics, privacy experts, civil societies, tech experts, you name it.”
“The idea that we have overlooked something is not plausible. GDPR is also a very general piece of legislation that leaves lots of flexibility for implementation.”
While GDPR has been seen as a template for the rest of the world, it has been hard to implement, and the European Commission has recently suggested that small businesses in particular are struggling with the rules.
Legislation does need updating as circumstances and technology changes – and this past year has seen both at pace. Why would there be an issue with updating and adapting the single, one legislative framework which has protected privacy and driven forward a grown up conversation with the public and companies about the value of, and the responsibility to, safeguard personal data?
GDPR for some, doesn’t go far enough. There are those that argue we should own our personal data and companies should compensate us for their exploitation of it. And that means more than the dubious pleasure of social media platforms for free…
The post GDPR is already out of date: EU must overhaul data protection laws appeared first on Payments Cards & Mobile.