The EU Commission is attempting to nullify significant privacy protections regarding GDPR and AI under the guise of the "Digital Omnibus" provision, intended only for minor adjustments. These proposed revisions cut to the very core of the ethos and intent of the GDPR legislation - affording BigTech an arsenal of avoidance in terms of future compliance.
Narrowing "Personal Data" Definition: Companies could argue data isn’t "personal" if they can’t identify individuals, exempting them from GDPR compliance.
Weakening Data Subject Rights: Rights like access, deletion, and correction could be limited to "data protection purposes," blocking their use in labor disputes, journalism, or research.
AI Training Free Pass: Tech giants (Google, Meta, OpenAI) could use Europeans’ personal and sensitive data for AI training with minimal safeguards.
Reduced Protection for Sensitive Data: Health, political, and sexual orientation data would only be protected if "directly revealed," not if deduced.
Remote Device Access: Companies could pull data from users’ devices for vague purposes like "security" or "statistics," risking invasive data collection.
tl;dr Germany is again pushing for macro-level EU reforms that bypass legislative safeguards, violate existing precedent, and disenfranchises EU Citizens in favour of BigTech. The legitimacy of GDPR as a democratic safeguard against Corporate Malfeasance will be effectively nullified in one fell swoop.
Narrowing "Personal Data" Definition: Companies could argue data isn’t "personal" if they can’t identify individuals, exempting them from GDPR compliance.
Weakening Data Subject Rights: Rights like access, deletion, and correction could be limited to "data protection purposes," blocking their use in labor disputes, journalism, or research.
AI Training Free Pass: Tech giants (Google, Meta, OpenAI) could use Europeans’ personal and sensitive data for AI training with minimal safeguards.
Reduced Protection for Sensitive Data: Health, political, and sexual orientation data would only be protected if "directly revealed," not if deduced.
Remote Device Access: Companies could pull data from users’ devices for vague purposes like "security" or "statistics," risking invasive data collection.
tl;dr Germany is again pushing for macro-level EU reforms that bypass legislative safeguards, violate existing precedent, and disenfranchises EU Citizens in favour of BigTech. The legitimacy of GDPR as a democratic safeguard against Corporate Malfeasance will be effectively nullified in one fell swoop.