European Commission proposes enforcement instead amending GDPR
The European Commission has decided not to revise the General Data Protection Regulation (GDPR) but will instead focus on improving its enforcement. A spokesperson confirmed that there will be no reopening of the regulation before the next report scheduled for 2028. The latest report, published in late July, highlighted ongoing enforcement issues that have persisted since the initial report. Although no changes were made to the GDPR itself, the Council and Parliament have adopted positions on procedural rules, with negotiations anticipated to begin soon.
The importance of enforcing the current GDPR framework is underscored by the need for EU companies to access high-quality data for training artificial intelligence (AI) models. MEP Birgit Sippel emphasized that poor data quality, such as racial bias in datasets, can hinder AI’s effectiveness in critical areas like healthcare. On the other hand, MEP Axel Voss argued that the rapid advancement of AI necessitates a reevaluation of GDPR to support innovation while ensuring that privacy is not compromised.
The lawfulness of using personal data for AI training is currently under legal scrutiny, with multiple cases challenging the legitimacy of processing practices under GDPR. Meta, the parent company of Facebook and Instagram, has faced legal setbacks regarding its data processing methods, leading to a shift from a contract performance model to user consent. Additionally, the interpretation of legitimate interest as a legal basis for data processing has been contested, prompting Meta to suspend its AI initiatives in Europe.
To address the limitations of GDPR, EU legislators have established “regulatory sandboxes” that allow AI companies to experiment under regulatory oversight. However, these measures can burden companies and slow their competitive edge. New regulations, such as the Data Act and the Data Governance Act, aim to facilitate data use for AI training while maintaining privacy standards. Advocates stress the importance of preserving GDPR’s core principles amid the challenges posed by AI advancements, warning against potential attempts to weaken privacy protections in the name of security.
