Privacy First recently participated in the European Commission's consultation on the simplification of European digital rules. In our consultation response, Privacy First warns that digitization not only creates positive consequences, but also exponentially increases risks for consumers and small organizations.
On top of that, current European digital rules are insufficiently enforced. Here, we refer to a recent report by Interface on the protection of children[1] and to a 2024 report by the European privacy regulators[2] showing that the AVG cannot be enforced on parties from outside the EU.
Our response makes a large number of recommendations to strengthen supervision and enforcement, which can also create a level playing field for European companies.
The rules on tracking technologies (cookies, IP address recognition and device recognition and the like) can be simplified by no longer allowing them for governments and providers of essential services. Furthermore, we advocate making data trading subject to licensing and quickly identifying the risks AI poses to citizens and small organizations.
Privacy First separately addresses the issue of identification and trust services. We explicitly warn against overidentification and suggest, among other things:
These proposals follow Privacy First's earlier request to De Nederlandsche Bank and the Minister of Finance to adjust the identification practices of financial institutions(pdf).
Privacy First's entire consultation submission can be found here (pdf).[3]
[1] Mind the Gap | Age Assurance and the Limits of Enforcement under EU Law, https://www.interface-eu.org/publications/age-assurance-gap.
[2] EDPB: Report on the extraterritorial enforcement of the GDPR.
[3] See also this link to the European Commission's consultation page. (Click on 'Show original language (NL)').
