The EU’s promised “cutting of red tape” and simplification of General Data Protection Regulation (GDPR) for business actually only offered “cosmetic fixes” and “minor change”, said a major tech organisation.
“At best, today’s proposal will ease GDPR burdens for just 0.2 per cent of EU companies,” said Claudia Canelles Quaroni from the Computer & Communications Industry Association.
“While well-intentioned, its limited scope means it won’t meaningfully strengthen Europe’s dwindling digital competitiveness. These are cosmetic fixes, not systemic solutions,” said Quaroni, the industry group’s privacy and safety lead for Europe.
On May 21, the European Commission presented its Single Market Strategy, promising it would “create a more simple, seamless and strong European home market”.
According to Brussels, this strategy “sets out bold actions to reduce existing barriers holding back intra-EU trade and investments, helps SMEs to operate and scale up their activities, and alleviates businesses by boosting digitalisation. ”
The Commission claimed the measures would cut €400 million in annual administrative costs for companies.
Companies would now be able to submit documents digitally to comply with obligations under certain EU harmonised product legislation, and provide product instructions digitally rather than on paper.
This is in fact the fourth “omnibus” simplification package in Brussels, aimed to simplify rules for small mid-cap companies.
But the package “falls far short of addressing the deeper structural issues that plague the EU’s data protection framework” and “without further adjustments, enforcement and implementation will remain weak”, Quaroni said.
Seven years after the GDPR came into force, a truly consistent and harmonised application across the EU remained elusive, she added.
The current framework still suffers from fragmented implementation across Member States, undermining the goal of a single, coherent set of data protection rules, she said.
Achieving this uniformity requires greater alignment between GDPR and other EU legislation, a stronger role for the one-stop-shop mechanism, and clearer limits on national-level deviations, said Quaroni.
More comprehensive reforms were needed, including simplified legislation, clearer guidance, and better coordination between national data protection authorities, she said.
“Much of this Single Market Strategy is heading in the right direction – from stronger enforcement coordination and better implementation across Member States, to the use of digital tools that simplify compliance with product rules and reporting requirements,” said her colleague Alexandre Roure, the CCIA’s head of policy for Europe.
“However, we are concerned by top-down proposals on technical standardisation and a ‘European preference’ in procurement. In both cases, the Commission seems to believe it could be better positioned to meet market needs than industry experts or customers on the ground”, Roure continued.
“Whether this Strategy delivers meaningful progress or just a patchwork of quick fixes will depend on turning promising ideas into real action. All of this must benefit the broader economy – not just a narrow slice of companies – and the Commission must resist the temptation to centralise where flexibility and market-driven solutions deliver better results,” he said.