Review on GDPR: no appetite for major changes?

The ongoing EU review of how the GDPR is working in practice was due to look mainly at data transfers and the cooperation and consistency mechanism. But some stakeholders are saying that the regulation needs updating in terms of new technologies.

The Council of the European Union is of the view that because new technologies such as blockchain, AI and facial recognition challenge fundamental rights, a review should be undertaken on whether they should be included in the GDPR.

However, speaking today at the CDPD conference in Brussels, Karolina Mojzesowicz, DG Justice European Commission, said that while the issue of new technologies will be looked at, the majority of feedback received so far indicates that stakeholders do not advocate major changes to the GDPR.

Mojzesowicz said that the GDPR is technology neutral, and can adapt to new developments in the market place such as AI. We need effective enforcement to rebalance accountability, and show that compliance pays off, she said. Certification and codes give controllers a bit more legal certainty. GDPR provides the tools but also flexibility, and certifications can develop much quicker than legislation.

The conference continues tomorrow when PL&B CEO Stewart Dresner will moderate a panel discussion on Digital Identity in Africa and the Middle East at 11.45.