During the drafting process of the EU’s General Data Protection Regulation, or GDPR for short, which took effect in 2018, the proposal drew a record-high number of amendments in the European Parliament – more than 3,000! – which clearly indicates how lobbying efforts dominate decision-making processes in Brussels. It is easy to see that, as the new European privacy law was of concern to many Big Tech companies, they tried to influence the content of the bill. In fact, GDPR should be seen as the result of an intensive dialogue between European lawmakers and tech giants, a ’good law’ that has proven to be a success over the last couple of years. GDPR has become Europe’s most famous ’tech law’, which forces companies doing business in Europe, not only in the technology sector but also in other areas, to manage their data and to handle the requests and rights of data subjects, respecting and protecting personal data.
Thanks to GDPR, since 2018, Europeans have become used to various companies asking for their consent to use their data. Given that GDPR has really worked almost perfectly, it is quite surprising that, by spring 2025, the European Commission seems determined to deliver a proposal to simplify regulations.
Given the above-mentioned excessive lobbying efforts over the drafting of GDPR, coupled with the recent bribery scandal involving China’s tech giant Huawei, the question arises of why our well-proven GDPR needs to be cut.
Although it does not provide a full explanation for the recent easing of the law, the so-called Draghi Report on European competitiveness released last year should serve as a guideline in the search for reasons. Certain findings of this study have provided a starting point for some of the current criticism of GDPR, namely that complex European regulations prevent the EU’s economy from catching up with the US and China. According to this report, ’The EU’s regulatory stance towards tech companies hampers innovation’. The Draghi Report also said that inconsistent GDPR enforcement country by country creates an administrative burden for European companies.
Mario Draghi’s report on EU competitiveness is not the only document focusing on the need for modifications in GDPR. According to the EU Commission’s 2024 report on GDPR, ’there is broad consensus among stakeholders, data protection authorities and Member States that, despite some challenges, the GDPR has delivered important results for individuals and businesses. (…) At the same time, further progress should be made in a number of areas. In particular, in the coming years, the focus should be on supporting stakeholders’ compliance efforts – especially small and medium sized enterprises (SMEs), small operators and researchers and research organisations, providing clearer and more actionable guidance from the data protection authorities, and achieving a more consistent interpretation and enforcement of the GDPR across the EU.’
In short, small and medium-sized businesses need greater support in their compliance efforts, the Commission believes. The simplification plan will focus on reporting requirements for organizations with fewer than 500 people, Commission officials claim, immediately adding that the trim will not touch the underlying core objective of the GDPR regime.
While the idea of boosting European competitiveness and supporting smaller organizations is certainly more than welcome, in view of the dominant influence of global tech giants like Meta, Google, Apple and others, who can believe that the Commission proposal to soften European data protection regulations indeed serves SMEs’ interests and has nothing to do with the interests of big companies…?
The hypothesis that the revision of GDPR is in fact the result of lobbying efforts by tech giants seems to be supported by the fact that in Brussels, we quite often see corporate lobbying cases which sooner or later turn out to be corruption cases. Such cases include not only political lobbying, such as the memorable Qatargate scandal, but also cases of economic influence, such as the recent Huawei bribery case.
It is also worth recalling the so-called Pfizergate scandal of European Commission President Ursula von der Leyen, who, during the COVID-19 pandemic, in the name of the whole EU, concluded a multi-billion euro vaccine contract via text messages, under the influence of a powerful US corporate lobby. Concerning von der Leyen, it should also be noted that a number of reports have focused on the fact that lobbyists from German, American, French and other companies have been granted free entry into her office in the Berlaymont building.
While it is wise to pay attention to some of the Draghi Report’s warnings, such as GDPR’s inconsistent implementation and enforcement country by country, as this creates the risk of European companies being excluded from early AI innovations, protection of European citizens’ data should be put first. The fears that privacy protections will be undermined after the proposed simplification process should not be ignored by either the lawmakers in the European Parliament or the Commission.
However, it should also be recognised that it is no coincidence that the tentative agenda for forthcoming Commission meetings includes discussions of a number of plans related to the digital domain, such as the ’AI Continent Action Plan’ and ’International digital strategy – Strengthening the EU’s leadership in global digital affairs’; this is due to the fact that von der Leyen has now set this area as her flagship, supposedly under the influence of lobbyists from global tech companies.
As Brussels’ driving forces seem to remain unchanged and the EU’s decision-making centre is still in the hands of lobbyists, von der Leyen cannot make her own decisions without lobbyists. In addition to the regrettable fact that she gives up the protection of our personal data for the sake of the interests of global tech giants, the situation is also very disturbing given that, by simplifying GDPR, the bloc will obviously not be able to effectively compete with China and the US. After all, the goal would be to boost EU competitiveness – but the easing of GDPR has certainly nothing to do with this challenge. Since GDPR has been a cornerstone of the digital transition in the EU that has also contributed to overall legal certainty in the bloc, any change in the regulations may stir the market and can have a negative effect on competitiveness, not to mention the negative impacts of simplifying rules for data protection on our everyday lives.
In conclusion, simplifying GDPR requirements is a typical case: even if the EU comes up with a good initiative, the Commission can easily derail it under the false pretext of ’improving competitiveness’ and ’easing the burden on SMEs’, while paying no attention to European citizens’ right to keep their personal data safe.