Major U-turn: EU to ease GDPR and AI rules
What's the story
The European Commission has proposed major changes to its flagship General Data Protection Regulation (GDPR) and artificial intelligence (AI) laws. The move comes amid pressure from tech giants and the US government. The changes include simplifying cookie permission pop-ups and allowing companies to share anonymized/pseudonymized personal datasets more easily. They also let AI firms use personal data for training models if other GDPR requirements are met.
Regulatory changes
AI Act amendments and cookie pop-up reduction
The proposed changes also amend the AI Act, which came into effect in 2024. The revised rules extend the grace period for high-risk AI systems that pose "serious risks" to health, safety or fundamental rights. They will only apply once it's confirmed that "the needed standards and support tools are available" to AI companies. Notably, some "non-risk" cookies won't trigger pop-ups under this proposal. Users can control others from central browser controls applicable across websites.
Additional provisions
Simplified AI documentation and centralized oversight
The proposed changes also include simplified AI documentation requirements for smaller companies, a unified interface for reporting cybersecurity incidents, and centralizing AI oversight into the bloc's AI Office. Henna Virkkunen, executive vice-president for tech sovereignty at the European Commission, said these changes are aimed at giving space for innovation while ensuring fundamental rights of users remain fully protected.
Approval process
Proposal awaits approval from European Parliament and member states
The proposed changes now await approval from the European Parliament and EU's 27 member states, a process that could take months and lead to significant alterations. The move has already drawn criticism from civil rights groups and politicians who accuse the Commission of undermining fundamental safeguards under pressure from Big Tech.