28.05.2025 11:00:00
Дата публикации
The potential revision of the General Data Protection Regulation (GDPR) has sparked intense debate among rights advocates, experts, and business leaders. The European Commission is considering amendments aimed at easing compliance for small and medium-sized enterprises (SMEs).
However, some organizations fear this could weaken personal data protection.
One of the key changes under discussion is to Article 30(5) of the GDPR, which governs record-keeping of data processing activities. Under the proposed changes, companies with fewer than 750 employees could be exempt from maintaining such records, provided their operations do not pose high data processing risks.
Experts warn that this approach may undermine the GDPR’s “risk-based principle,” which ties the level of data protection to the potential impact of processing—not the size of the company.
A particular concern is that processing of special categories of data, such as medical information, might be exempt from strict requirements under certain conditions.
Rights groups like Article 19 and European Digital Rights caution that revising the GDPR could pave the way for further relaxation of the rules, including changes to user consent requirements and allowing personal data to be used for AI training.
Proponents of the reform argue that the core principles of the GDPR remain intact and that the changes would simply streamline compliance for responsible businesses. They contend that overregulation can stifle innovation and growth.
Nevertheless, human rights organizations are urging the European Commission to focus on stronger enforcement rather than rewriting the text. They stress the need for stricter oversight of major violators rather than loosening rules for all.
The GDPR debate also has geopolitical dimensions. International corporations and political actors have repeatedly tried to dilute Europe’s digital standards, citing competitiveness and economic concerns.
Weakening GDPR could set a precedent for rolling back other key laws like the DSA, DMA, and AI Act, ultimately undermining the EU’s unified regulatory framework.
The future of GDPR remains uncertain. The European Commission has not yet provided a final response, but rights groups continue to advocate for strong data protection norms.
User trust and the sustainability of the EU’s digital ecosystem rely not on lowering standards, but on transparency, security, and fair regulation.
In the long run, businesses that comply with strict standards benefit most, and the GDPR’s unified principles help ensure a level playing field across the market.
Ongoing discussions will reveal whether a balance between user rights and business interests can be maintained.
(automated translation)
