Over one hundred groups and individuals have united to oppose any GDPR changes. The EU’s landmark General Data Protection Regulation is facing potential revisions this week. These changes aim to simplify data privacy law recordkeeping for many small businesses. EU Commissioner Michael McGrath confirmed GDPR is part of EU simplification efforts currently. He mentioned this in March comments to the Center for Strategic and International Studies. McGrath said recordkeeping for small and medium-sized organizations (SMEs) would be examined. The goal is easing burdens on smaller firms regarding their record retention requirements. However the EU aims to preserve GDPR’s underlying core data protection objectives.
A broad coalition today sent a letter to key EU officials expressing strong opposition. Signatories include Amnesty International EPIC Mozilla Proton Public Citizen and the group noyb. They are alarmed by a growing risk to Europe’s most important digital rights law. These groups fear the GDPR seems set to be quietly unraveled by these changes. They state GDPR is more than just a regulation it is a hard-fought achievement. It serves as the very backbone of the European Union’s extensive digital rulebook. The law sets high standards globally and safeguards people’s dignity in a data-driven world. Changes are expected as part of the fourth omnibus package for small companies.
There are also mounting rumors GDPR will be reopened for more initiatives later on.
The “Fourth Omnibus on small mid-caps” is on the May 21 Commission meeting agenda. While proposed changes might seem good they could allow some companies to avoid recordkeeping. This could happen even when handling very special categories of sensitive personal data. Exemptions might be based purely on an organization’s staff headcount or its turnover. The coalition warns this could undermine the GDPR’s important risk-based foundational approach. It also weakens personal data protection which is recognized as a fundamental human right. The groups argue that data rights do not become less important for smaller controllers. People’s vulnerability to harm does not shrink when the company size is smaller.
Using competitiveness to justify exemptions suggests people’s rights are expendable for economic interests.
These concerned groups worry that small business changes could be just the very start. Once reopened the GDPR could become vulnerable to much broader future deregulatory demands. Many such pressures are already visible including calls to weaken rules on user consent. Some also want to legitimize invasive uses of personal data for AI model training. Instead of weakening protections the groups say the EU should invest in real enforcement. This means enforcing existing rules against repeat offenders while also improving official guidance. Better access to tools and proportional compliance support for smaller actors is also needed. Officials cite SME burden inconsistent enforcement and AI data needs as reasons for review. MEP Axel Voss suggested legally secure methods for anonymized data processing for AI research.
Reference:
