EU Commission makes improvements to the GDPR - but only a little bit

• Data protection supervisory authorities to cooperate better
• Bitkom recommends further changes for a more uniform interpretation of data protection across Europe

Berlin, July 04, 2023 - The EU Commission today plans to publish part of the so-called GDPR review, which aims to improve the General Data Protection Regulation that has been in force for five years. The focus is on better cooperation between data protection authorities in enforcing the GDPR in cross-border cases. Susanne Dehmel, member of the Bitkom management board, explains:

"The German digital economy welcomes the EU Commission's initiative to simplify and harmonize cross-border enforcement of the General Data Protection Regulation. However, the opportunity was not taken to address long known serious problems in this review of the GDPR. It has become apparent over the past five years that the so-called consistency procedure - i.e., cooperation between the various data protection authorities and with the EU Commission - does not function adequately. Companies in Europe are now faced with a confusion of interpretations between member states, but also within individual countries. Even in Germany, each individual state data protection authority can represent and enforce its own legal interpretation. This legal uncertainty leads to a locational disadvantage, especially for small and medium-sized enterprises - which will be further exacerbated with the increasing spread of new technologies such as artificial intelligence. Supervisory harmonization and the issue of guidance to companies from regulators is pressing, particularly in light of upcoming new regulations such as the AI Act, Digital Services Act, Digital Markets Act and Data Act.

The lack of harmonization has led to a very restrictive understanding of the GDPR in some countries and thus to noticeable distortions of competition. In Germany, 62 percent are hesitant to use data because they are afraid of violating data protection. 60 percent have already halted plans for innovations because data protection regulations or uncertainties have forced them to do so. In the interest of a functioning single market, technological progress, much-needed research - especially in the area of health data - and the EU's goal of supporting data spaces, data protection authorities, regulators and industry must find a new approach to consensus and dialogue to advance the data economy while preserving fundamental rights. This is the only way to achieve the original goal of the GDPR, which is to create a consistent yet adequate level of data protection in Europe."