Is the topic of the week.

We’ve all read the thousand expert analyses by those kind enough to spend the weekend dissecting the leaked draft of the sp called Digital Omnibus proposed reform ( if it’s round like a probe balloon, flies like a probe balloon, and probes like a probe balloon… ) to the GDPR, AI Act, e-Privacy and more.

Regarding the GDPR, not-so-great things, halfway decent things, and a few that are just... meh.

Heads-up: this edition has so many memes that half won’t make it into the email—if you don’t want to miss them, head over to the website.

No one denies that Brussels has gone a bit crazy legislating lately, that the quality of the new regulations isn’t what one might hope for, and on top of that, the application of what’s been published presents some thrilling challenges.

We’re not denying it either.

But what can’t be is that, in the name of simplification, smoothing out rough edges, reducing friction, and all the usual lobbyist nonsense that’s becoming less and less disguised—EVERY proposed amendment in that long piece of paper erodes citizens’ rights.

Because that’s the criterion that reveals a good proposal: Is it useful, beneficial for everyone? Does that brilliant idea directly solve the problem it’s supposed to fix? Does it expand rights for all? Or does it only benefit a few, at the expense of harming a group that—for whatever reason—is vulnerable or unlikely to defend itself, while failing to actually solve that very problem? Just kicking that can down the road “for later”?

When you ask yourself that question about this Digital Omnibus, remember: in this case, no one gets out unscathed—ALL of us are in the harmed group.

And if Virkunnen (or you, the reader, for that matter) believe this Omnibus will help Europe regain its competitiveness, lay your arguments on the table, because that’s anything but clear.

This is especially outrageous considering the relationship between the proposed reforms and the recent CJEU case law: the Scania / SRB doctrine is selectively included to restrict the concept of personal data. But for whatever reason, the CJEU interpretation paving the way for wide interpretation of the scope of special category data gets the opposite “processing”.

The increase to 96 hours for breach notification isn’t bad, but the bit about framing AI training as a possible lawful interest (without specification of which ones can be that legitimate), well… okay. And the idea of allowing denial of rights requests when it’s clearly a trick for something unrelated—sure, but it’s not clear if it would’ve been better to leave that out as a possible argument before the DPA when dealing with a dodgy requester. Or the odd inclusion of a list of PIA scenarios, when there’s already one per DPA validated by the EDPB (and nearly identical to the old WP29 guidelines on PIAs).

We’ll see how it all ends up. Even though the first impulse is to dive into the full draft, what really matters is what survives the entire process we all know too well. And it’s not like this is our first rodeo: the GDPR psychosis, Schrems I and II, the RIA and the AI free-for-all…

Now seriously: always remember that the motto of the European legislator is that classic Spanish saying “dress me slowly, for I’m in a hurry”: here’s the infographic of the legislative process awaiting this big idea. The final product will resemble the leaked draft like an egg resembles a chestnut.

By the way… has the EDPB said anything?

You’re reading ZERO PARTY DATA. The newsletter on tech news from the perspective of data protection law and AI by Jorge García Herrero and Darío López Rincón.

In the spare moments this newsletter leaves us, we like to solve messy problems in personal data protection and artificial intelligence. If you’ve got one of those, give us a little wave. Or contact us by email at jgh(at)jorgegarciaherrero.com

Thanks for reading Zero Party Data! Sign up!

🗞️News of the Data-world 🌍

.- The announcement that EDRi, Noyb, and the Irish Council for Civil Liberties are sending an open letter to the European Commission about the Digital Omnibus package. A fine round of Napoleonic artillery from the leaked draft.

.– Second round of the Latombe case. The General Court didn’t buy into it, but the appeal has already been accepted by the CJEU. It shouldn’t cause a shock or diverge much from the Advocate General’s argument, but let’s see if the US doesn’t head back to the Wild West.

.– Another notch coming for China. And the fun with flags we’ll have in Spain when betting on Chinese telcos.

.- As European and national regulation continues shaping age verification, it’s always good to remember the risks of collecting problematic information. Verge offers a quick rundown of cases: Discord (never a great GDPR compliance role model), minimization warnings from the UK as a “safe third country” (for now, with doubts) or the French legislative move.

📄High density docs for data junkies☕️

This week’s section is dedicated to the best summaries and sources we’ve seen about the Digital Omnibus. And they all complement each other.

– The easiest to read and well structured by Carlos Fernández.

– The comprehensive one breaking down every change in Noyb’s chart format, focused on what’s being proposed for the GDPR. Plus some dramatic takes on the “pruning” on LinkedIn.

.- A LinkedIn opinion piece in two parts by Andreea Lisievici Nevin. With a reflection that might be ironic, but isn’t all that implausible either. Part 1 and part 2.

.– Jorge Morell’s take focusing on the proposed RIA changes.

💀Death by Meme🤣

🤖NoRobots.txt or The AI Stuff

.- EDPS guidance on AI risk management. At first glance, it looks like yet another doc that says little, but the annexes seem promising.

.- As if there weren’t enough biases and problems already, now comes the eating disorder angle, via The Verge. Sometimes, it’s a relief not to be a minor in the age of AI.

If you think someone might like—or even find this newsletter useful—feel free to forward it.

Compartir

If you miss any document, comment, or bit of nonsense that clearly should have been included in this week’s Zero Party Data, write to us or leave a comment and we’ll consider it for the next edition.

Deja un comentario