EU must overhaul flagship data protection laws, says ‘father’ of policy

GDPR already out of date and must be revised for new tech, says Axel Voss

Europe’s flagship data protection laws are already out of date and must be heavily revised for a post-pandemic world, said a member of the European parliament who spent years drafting the measures.

Axel Voss, one of the fathers of the General Data Protection Regulation, told the Financial Times that it needs "some type of surgery" less than three years after it came into force, and ahead of a vote by the parliament to celebrate it as a "gold standard for the world".

Mr Voss said GDPR needed to be revised to take into account not only the widespread move to homeworking, but also the emergence of a host of new technologies.

“We have to be aware that GDPR is not made for blockchain, facial or voice recognition, text and data mining ...artificial intelligence,” said the German MEP.


“The digital world is about innovation. We cannot stick with principles established in the 80s that do not reflect the new situation we are living in,” he said.

GDPR is also a very general piece of legislation that leaves lots of flexibility for implementation.

He added that, if enforced to the letter, it represented a minefield for people working outside their offices and using software that authenticates them for a host of services with a single login.

“If you have a home office situation and you’re dealing with personal data, you are left alone with numerous legal obligations that are difficult to understand. What are the requirements for dealing with data protection in a private home?”

He said his view, that the rules need to be revised "in a very detailed way", was shared by his political group in the parliament, the European People's party (EPP), a coalition which includes German Chancellor Angela Merkel in its ranks.

But Sophie in’t Veld, a Dutch MEP who was also involved in drafting GDPR, said the law remains fit for purpose. “Is a law ever perfect for every individual and union? No, of course not,” she said.

“But we worked on this piece of legislation for five years and we have prepared it better than any other legislation. We spoke to hundreds of companies, academics, privacy experts, civil societies, tech experts, you name it.”

She added: “The idea that we have overlooked something is not plausible. GDPR is also a very general piece of legislation that leaves lots of flexibility for implementation.”

While GDPR has been seen as a template for the rest of the world, it has been hard to implement, and the European Commission has recently suggested that small businesses in particular are struggling with the rules. –Copyright The Financial Times Limited 2021