[Opinionated piece by Antonio Aloisi, Associate Professor of European and comparative Labour Law, IE University, Madrid, Spain.]
"Simplify”, “Streamline”, “Scale back”. While EU communiqués often find creative ways to avoid uttering the word “deregulation”, this new European Commission is all about boosting the bloc’s competitiveness by “cutting red tape”. The intention to stimulate the continent’s economy might be laudable, but there is a real risk of throwing the baby out with the bathwater.
The Draghi Report, presented in September 2024, laid the foundation for a shake-up of one of the EU’s crown jewels in digital regulation – the General Data Protection Regulation (GDPR). According to the report, certain regulations present “overlaps and inconsistencies”, leading to fragmentation.
Draghi pinpointed GDPR as a particular source of headaches, thanks largely to its complexity, burdensome national implementation, inconsistent local enforcement, and disproportionately high compliance costs for small and medium enterprises compared to larger corporations. Now the whispers are over: GDPR seems headed for the chop, much like sustainability reporting rules before it.
Yet the world has changed dramatically in recent months, meaning many of Draghi’s proposals are tailor-made for a context that no longer exists. Additionally, the US’ disastrous DOGE experiment offers a stark cautionary tale of deregulation leading to chaos rather than efficiency. Legal institutions, after all, are complex systems designed for the critical purpose of protecting people’s rights.
...
Put the chainsaw away
Blaming the GDPR for Europe’s growth woes makes for great clickbait, LinkedIn memes and after-dinner quips, but it ignores the real issues. Looser privacy rules will not fix our problems. On the contrary, a smarter framework for workers’ digital rights could serve as a robust counterbalance, ensuring that AM operates as a tool for efficiency rather than unchecked command-and-control.
By all means, critique the GDPR, but aim at the right target. Its abstract, transactional, individualistic DNA is ill-suited to the collective, lopsided reality of modern workplaces where employees’ data is fed into black-box AI systems.
In those environments the answer is not to prune protections, but to reinforce them by clarifying legal bases, establishing red lines, hard-wiring collective rights, and closing enforcement loopholes. Reform, yes. Regression, no.
The only reason I blame GDPR is because cookies banners, web designers turned that anoying on propose so one click on the big button anyway to get past them.
GDPRv2 must include a rule to force websites to follow one single global user setting automatically given by the browser, like the "do not track" thing
Just so you know: GDPR has (mostly) nothing to do with those cookie banners. It's a very broad text that doesn't go into specifics like that.
What you're seeing is a result of the 2002 E-Privacy directive that has been reinterpreted by data privacy authorities in light of the new definition of consent brought by the GDPR.
Basically, since 2002, websites are required to ask users for consent before depositing cookies. The issue was that there was no definition of what this consent meant. What the GDPR did is simply to define the concept of consent as a free expression of will that must come from a positive act (i.e. it must be explicit rather than implicit).
The GDPR was supposed to come out with a sister regulation called the E-Privacy regulation, but due to intense lobbying that text was buried. Local data protection authorities in Europe then decided to reinterpret that old directive in light of the GDPR to fill the gap.
All in all, blame the lobbyists, not the GDPR
And after all that, sites still wouldn't have to use cookie banners like they do, they are just choosing to, to annoy people into giving "consent".
nearly all websites implement cookie banners illegally, by intention, and that's not the fault of the GDPR
https://www.bitecode.dev/p/there-is-no-eu-cookie-banner-law
Dont blame gdpr for that, blame the corporations for malicious compliance. They are also already breaking the law if you cant reject everything with one click and if doing so breaks the website.
Once I found the Super Agent extension, this essentially went away for me. Let's you preset general options of what you want to allow, and will automatically fill those out for you when you visit new sites. Even works on the Firefox mobile browsers.
When I worked at a big company they interpreted the law that all options must be equally easy so we implemented that, not because they are nice but because they're afraid of monster fines.