Dati digitali e la “semplificazione” del GDPR servono gli interessi aziendali e limitano la privacy degli utenti

Brussels – In a desperate attempt to regain for European companies the much-sought-after economic competitiveness lost to the United States and China, the EU Commission may be about to pummel one of the most important pieces of digital legislation: the General Data Protection Regulation, better known by its acronym, GDPR.

According to rumours circulating in the international press in the last few hours, the so-called “Digital Omnibus” that the EU executive is expected to present in the coming weeks would contain a series of proposals aimed at radically reforming the GDPR, hitherto hailed in Brussels as one of the most advanced legislations in the world in terms of protecting user privacy in the IT world.

The push would come from none other than Mario Draghi. The GDPR, adopted in 2016 and entered into force in 2018, was one of the targets of the European Competitiveness Report he presented in September 2024. On several occasions thereafter, the former Italian prime minister and former number one at the ECB has raked in accusations against the data regulation, criticising, above all, certain aspects of its clumsy implementation.

According to him, the excessive fragmentation and complexity of the implementation framework would create an unsustainable burden for businesses, especially small and medium-sized enterprises (SMEs), generate legal uncertainty (overlapping, moreover, with the rules of the more recent AI Act), and hinder the development of a true digital single market.

Specifically, regarding the training of artificial intelligence (AI) models, the GDPR would slow down the innovation of European companies, creating an artificial ballast from which, de facto, their US and Chinese counterparts benefit. Indeed, Draghi points to a 20 per cent increase in data management costs for economic operators in the EU. On this basis, he has repeatedly defended the need for a “radical simplification” of the regulation, as well as greater harmonisation at the implementation level.

Given that industrial competitiveness is one of the Polar Stars of the Commission’s policy agenda, the Berlaymont would set to work dismantling some central elements of the GDPR to make life easier for developers. The aim is to foster the Union’s emergence as a global hub of artificial intelligence, according to a twelve-star deregulation strategy announced months ago by Ursula von der Leyen herself.

In the race for global hegemony in this critical area, to which Brussels wants to participate building a series of AI Gigafactories where to train “Made in Europe” AI models (
an initiative that seems to have attracted the interest of the industry), the new gold of the 21st century is user data, collected in huge quantities by digital platforms and various services under the pretext of providing a more efficient and personalised experience.

The GDPR is one of the most important European texts of the last years. It suffers from many limits, notably the “legitimate interest” of Article 6, which is sometimes interpreted too laxly (e.g., in France, you cannot ask the Church to remove you from the baptism list, because Courts have ruled that somehow they have a legitimate interest to keep track of apostates), but instead of doubling down on it, the Commission wants to eradicate it. Between that and ChatControl, they really are crazy.

Ah, the old trade freedom for security routine.
Who are they trying to fool?
They want:
1. Chat Control: access to private messages to “protect the kids”
2. Protect the EU: because nothing says “protect” like accessing encrypted messages in clear violation of Articles 7 and 8 of the EU charter of Fundamental rights.
3. Digital Omnibus: those pesky citizen “rights and protections” giving you trouble? Simple, git the GDPR and problem is fixed.