GDPR review calls for better handling of cross-border cases
The delayed GDPR review does not include any radical proposals for updating the Regulation, despite some calls to be more specific about new technologies. By Laura Linkomies.
As the GDPR turned two, Slovenia still has not implemented the GDPR in its national law, and work on adapting sectoral laws is on-going at national level. The Commission says that it “will explore whether, in the light of further experience and relevant caselaw, proposing possible future targeted amendments to certain provisions of the GDPR might be appropriate”. It will use all of the tools at its disposal, including infringement procedures, to ensure that Member States comply with the GDPR.
The GDPR’s technologically-neutral approach was put to the test during the Covid-19 pandemic and has proven to be largely successful. Its principles-based rules supported the development of tools to combat and monitor the spread of the virus. Prior to the report of the Commission’s review, there was some debate whether the Regulation should be opened up and modernised in light of new technologies. Industry stakeholders have stressed that innovation requires that the GDPR is applied in a principle-based way, in line with its design, rather than in a rigid and formal manner. Regulatory sandboxes could be useful for testing new ideas, industry says, and now it looks like that the EU may address AI in a separate piece of legislation.