The Autoriteit Persoonsgegevens (AP) has taken note of the European Commission's official Omnibus proposal. With it, the Commission says it wants to amend several laws, including the General Data Protection Regulation (AVG) and the AI Regulation, to simplify digital regulations. That aim is understandable, as long as it does not affect people's rights.
The proposal contains changes that affect the way privacy and personal information are protected. What sometimes looks like a limited tweak on paper may in practice impact something very fundamental: the right of people to control what happens to their private data.
Before such sweeping changes are made, the consequences for citizens, businesses and regulators must be clear. That impact has not been examined by the Commission. Laws that are so important for the protection of people should not be hastily changed. Care should be paramount.
Legal certainty must be maintained. European rules work because member states follow the same rules of the game. So that people and companies know in advance where they stand. When definitions or concepts are changed - for example, what is or is not personal data - or certain rules are changed, it is important that the rules remain clear and enforceable for everyone in the EU.
New applications with data and artificial intelligence (AI) are possible, as long as people remain in control of their data and the applications are secure. Innovation and legal protection can go hand in hand. New applications with data and AI offer opportunities, but only if they are designed from the start with privacy and autonomy of people in mind. Any proposals to create broader opportunities for training AI systems, for example, therefore require clear safeguards.
The AP will continue to study the full Commission proposal. Once that analysis is ready, the AP will share it with the public and with relevant ministries and fellow European regulators.
