The European Commission faces significant criticism for its recent proposals aimed at delaying key aspects of the EU’s Artificial Intelligence Act and modifying its landmark data protection regulation. Critics argue that these changes represent a substantial rollback of the EU’s digital protections, particularly when it comes to the use of personal data in training AI models.
If the proposed amendments are approved, tech companies would gain greater leeway to utilize personal data without obtaining user consent, thereby easing the burden of what has been termed “cookie banner fatigue.” This move aims to reduce the number of times users have to consent to being tracked online.
Furthermore, the commission indicated a plan to postpone the implementation of crucial elements of the AI Act, which is set to take effect in August 2024. This delay would grant companies developing high-risk AI systems—such as those involved in healthcare or crucial decision-making—up to 18 additional months to align with the new regulations.
These proposals are part of a broader “digital omnibus” initiative, which seeks to streamline regulations encompassing the General Data Protection Regulation (GDPR), the AI Act, the ePrivacy directive, and the Data Act. The changes follow a shift in the EU’s policy priorities after warnings from former Italian Prime Minister Mario Draghi highlighted concerns about Europe’s competitiveness in innovation against the US and China, particularly in emerging technologies like AI.
Valdis Dombrovskis, the EU’s economy commissioner, emphasized that Europe has yet to harness the full potential of the digital revolution, warning against the costs of falling behind. He claimed that the proposed measures could save businesses and consumers approximately €5 billion in administrative costs by 2029.
While some European business groups welcomed the proposal as a step forward, they also called for more comprehensive reviews of the EU’s digital regulations. In contrast, European Digital Rights (EDRi), a coalition of NGOs, denounced the changes as damaging to human rights and digital privacy in the EU, asserting that they would enable the unrestricted use of sensitive personal data for AI training.
Henna Virkkunen, the commission’s vice-president overseeing tech policy, defended the changes, stating the intent to facilitate the growth and innovation of European startups rather than appease larger tech companies. She insisted that the adjustments were meant to keep European businesses competitive and to clarify existing rules without sacrificing the level of data protection in place.
Michael McGrath, responsible for GDPR, noted that the feedback shaping these proposals has predominantly come from EU companies. He reiterated that the commission aims to introduce targeted amendments to GDPR that would refine existing guidelines while maintaining robust data protection standards across Europe.
Officials from the EU have assured users that they will still retain control over their online data. Virkkunen remarked on the need for simplification in the consent process regarding cookies, indicating that the intention is to reduce the time spent by users managing cookie consent, allowing for a more user-friendly experience.