EC introduces new rules to “simplify” GDPR and boost innovation

The European Commission has announced a new digital package, encompassing a Digital Omnibus, Data Union Strategy, and European Business Wallet. The goal is to give European businesses more time to spend on innovation and upscaling and less time dealing with paperwork.

With the Digital Omnibus, the Commission proposes to simplify existing rules on AI, cybersecurity, and data.

For example, the Digital Omnibus aims to introduce a single entry point where companies can report cybersecurity incidents. Currently, businesses and organizations have to report these incidents to numerous authorities under several laws, including the NIS2 Directive, the General Data Protection Regulation (GDPR), and the Digital Operational Resilience Act (DORA).

By establishing a single entry point, it should become easier for companies and organizations to comply with the various reporting requirements.

In addition, the executive branch of the EU aims to establish an “innovation-friendly privacy framework” to “harmonize, clarify, and simplify” rules to boost innovation and support compliance by organizations while keeping the core of the GDPR intact.

Furthermore, cookie rules will be “modernized” to improve users’ experience, for example, by reducing the number of times cookie banners pop up and allowing users to indicate their consent with one click.

Lastly, the European Commission wants to reinforce the AI Office’s powers and centralize oversight of AI systems built on so-called general-purpose AI models. Currently, each Member State must have a separate supervisor to oversee AI development and implementation, causing fragmentation.

The new Data Union Strategy outlines additional measures to unlock more high-quality data for AI by expanding access. The European Commission wants to make it easier to exchange data, making it easier and cheaper for companies to access datasets.

With an European Business Wallet, the Commission wants to provide a “unified digital tool” to European companies and public sector bodies, enabling them to digitalize operations and interactions that currently still need to be done in person. This will reduce administrative processes and costs up to €150 billion each year.

“It is essential that the European Union acts to deliver on simplification and competitiveness while also maintaining a high level of protection for the fundamental rights of individuals, and this is precisely the balance this package strikes,” Michael McGrath, Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, says in a statement.

The Digital Omnibus and other legislative proposals will now be submitted to the European Parliament and the Council for adoption.

Experts have already criticized the European Commission’s plans. A coalition of 127 civil society organizations, trade unions, and interest groups has sent an open letter, urging the Commission to rethink its plans regarding the Digital Omnibus proposal.

“It is not too late for the European Commission to change course to defend, not dismantle, the laws that protect us all,” they say.

Austrian privacy advocacy group noyb accuses the European Commission of “wrecking core GDPR principles.”

“The Digital Omnibus would mainly benefit big tech, while failing to provide any tangible benefits to average EU companies. This proposed reform is a sign of panic around shaping Europe’s digital future, not a sign of leadership. What we really need is a strategic, well-designed long-term plan to move Europe ahead,” Max Schrems, Chairman of noyb, says in a response to the Commission’s proposals.