EU starts to deliver its simplification agenda for digital
The EU Commission is proposing targeted amendments to the GDPR, for example to narrow the definition of personal data and to allow organisations the option to refuse an access request if it not made for data protection purposes, or charge a reasonable fee.
The Digital Omnibus proposal, issued today, is only the first step in the Commission's simplification efforts in the digital domain.
The Commission is also suggesting modifications to the cookie regime given that the e-Privacy Regulation was withdrawn. The intention is to reduce the number of times cookie banners pop up and allow users to indicate their consent with one-click and save their cookie preferences through central settings of preferences in browsers and operating system, the Commission says.
The Digital Omnibus on AI follows from challenges with implementing the AI Act’s provisions, and pressure from technology companies and the US government.
The proposal aims at facilitating AI compliance with the data protection laws by allowing providers and deployers of all AI systems and models to process special categories of personal data for ensuring bias detection and correction, the Commission says. It would also reduce the registration burden for providers of AI systems that are used in high-risk areas.
Other topics include a transition period of 6 months for Article 50(2) of the AI Act [transparency obligations]. This would allow AI systems that are already on the market on 2 August 2026 to be made compliant by 2 February 2027.
The Commission is preparing various pieces of guidance, for example on joint guidelines by the Commission and the European Data Protection Board on the interplay of the AI Act and data protection law, on the practical application of the obligations for providers and deployers of high-risk AI systems, as well as a template for fundamental rights impact assessments.
The EU Commission consulted stakeholders this autumn on how to simplify its legislation on data, cybersecurity and artificial intelligence. The current proposals have to be approved by the co-legislators, the European Parliament and the Council.
See: