Critics call proposed changes to landmark EU privacy law ‘death by a thousand cuts’ – “legitimate interest” would allow personal data exfiltration

Posted on by
Privacy activists say proposed changes to Europe’s landmark privacy law, including making it easier for Big Tech to harvest Europeans’ personal data for AI training, would flout EU case law and gut the legislation.
The changes proposed by the European Commission are part of a drive to simplify a slew of laws adopted in recent years on technology, environmental and financial issues which have in turn faced pushback from companies and the U.S. government.
Sign up here.
EU antitrust chief Henna Virkkunen will present the Digital Omnibus, in effect proposals to cut red tape and overlapping legislation such as the General Data Protection Regulation, the Artificial Intelligence Act, the e-Privacy Directive and the Data Act, on November 19.
According to the plans, Google (GOOGL.O)

, opens new tab, Meta Platforms (META.O)

, opens new tab, OpenAI and other tech companies may be allowed to use Europeans’ personal data to train their AI models based on legitimate interest.
In addition, companies may be exempted from the ban on processing special categories of personal data “in order not to disproportionately hinder the development and operation of AI and taking into account the capabilities of the controller to identify and remove special categories of personal data”.
“The draft Digital Omnibus proposes countless changes to many different articles of the GDPR. In combination this amounts to a death by a thousand cuts,” Austrian privacy group noyb said in a statement.
Noyb is known for filing complaints against American companies such as Apple (AAPL.O)
, opens new tab, Alphabet and Meta that have triggered several investigations and resulted in billions of dollars in fines.
“This would be a massive downgrading of Europeans’ privacy 10 years after the GDPR was adopted,” noyb’s Max Schrems said.
European Digital Rights, an association of civil and human rights organisations across Europe, slammed a proposal to merge the ePrivacy Directive, known as the cookie law that resulted in the proliferation of cookie consent pop-ups, into the GDPR.
“These proposals would change how the EU protects what happens inside your phone, computer and connected devices,” EDRi policy advisor Itxaso Dominguez de Olazabal wrote in a LinkedIn post.
“That means access to your device could rely on legitimate interest or broad exemptions like security, fraud detection or audience measurement,” she said.
The proposals would need to be thrashed out with EU countries and European Parliament in the coming months before they can be implemented.

Source: Critics call proposed changes to landmark EU privacy law ‘death by a thousand cuts’ | Reuters

Anyone can claim anything as being “legitimate interest”. It is what terms and conditions have been using for decades to pass any and all data on to third parties. At least the GDPR kind of stood in the way from it going to countries like the USA and China.

Robi nEdgar sitting in a chair

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com