New technologies – new privacies?
GDPR is a decade old next year in 2026. Since then technologies have changed drastically as has the online behavior of citizens.
It seems logical that from time t time revisions are made.
The General Data Protection Regulation or GDPR, officially Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, has applied since May 25, 2018. The GDPR” focuses on the protection of natural persons with respect to personal data processing and free movement of such data.” It embodies European values pertaining to individual agency and freedom and it protects individuals from a digital transition that was brokered outside of our agency and productive intervention.
Over 80% of all digital tools, cloud, Machine Learning and AI, social media, phones and analytics is not in European hands but in the hands of American and Chinese Hyperscalers. Europe’s regulatory influence is key as is shown in the plethora of Acts, from Cloud to AI and from security to the Digital Services Act. The cornerstone of this regulatory powerhouse is GDPR. It is deeply concerned with how citizens can negotiate and navigate in the digital world:
“1950: in the European Convention on Human Rights (Council of Europe 1950) article 8 paragraph 1 it is stated that: “Everyone has the right to respect for his private and family life, his home and his correspondence”. The extraordinary development of computer science has since then driven to the digitization of personal information and to the processing of personal data by means of digital technologies in an ever-increasing number of scenarios. Personal data protection has been put front and center in the discussion of the protection of natural person’s fundamental rights and freedoms.”
Denmark is taking over the EU Council presidency from July to December 2025, Denmark is urging a reform of the GDPR and the ePrivacy Directive, including the abolition of cookie banners “in cases where cookies are used only for statistical or functional purposes.”
The GDPR is undergoing revisions to simplify compliance for small and medium-sized enterprises (SMEs) and to improve enforcement procedures. Commissioner for Justice Michael McGrath confirmed that the GDPR will undergo a simplification process with a focus on record-keeping obligations for SMEs with less than 500 people. Some voices call for a stronger reform.
We should revise the GDPR to unlock Europe’s digital future, Axel Voss (MEP). “Europe has a choice – either we revise the GDPR to enable digital innovation while safeguarding privacy or we continue down a path that leads to stagnation and increasing reliance on foreign technology.” The future of our data-driven world depends on it.
Denmark is also pushing in its Presidency a controversial Regulation on Child Sexual Abuse Material (CSAM) detection, thereby reviving the EU Chat Control proposal. It did this on the first day of its Presidency in July 2025 and put this high on the agenda.
“The Presidency will give the work on the Child Sexual Abuse (CSA) Regulation and Directive high priority,” they wrote in their program.
The European Commission was proposing in 2023 a regulation forcing digital communication apps to scan digital communications of EU citizens even if they were not under suspicion (the ‘CSAM Proposal’): “This proposal has faced criticism from various quarters, including academics, privacy regulators, and the Council of the European Union’s internal legal experts for violating the essence of the fundamental right to privacy.”
Denmark revived the EU’s Chat Control, or Regulation on Child Sexual Abuse Material (CSAM) detection, targeting adoption by October 14, 2025.
Does this have serious implications for GDPR?
Some argue that it threatens its very foundations:
“Chat Control conflicts with GDPR principles like data minimization and lawful processing. Blanket scanning processes sensitive data without suspicion, clashing with GDPR’s necessity and proportionality requirements. The European Court of Justice has ruled similar measures violate privacy (Case C-511/18). It breaches GDPR’s fairness and transparency, as users can’t consent meaningfully under coercive “voluntary” models. It threatens GDPR rights to erasure, objection, and transparency, with automated flagging lacking human oversight violating Article 22.”
As a way to start a debate we are organizing a webinar September with the EU and US key players that have shaped GDPR from the beginning:
Gwendal Le Grand Deputy Head of the EDPB Secretariat Dr. Gwendal Le Grand is the Head of activity for enforcement support and coordination at the European data protection board (EDPB) since. October 2021.
Dan Caprio Senior Policy Advisor | DLA Piper | Cybersecurity, Privacy, AI, public policy and regulatory risk | Former Senior Official at the FTC and Commerce Department |
Gérald Santucci President of European Education New Society (ENSA) Association. At DG CONNECT he was Head of the Unit “Knowledge Sharing” (2012-2016) and Head of the Unit “Networked Enterprise & Radio Frequency Identification (RFID)” (2006-2012)
Andrea Servida Retired from the European Commission, Former Head of Unit “Knowledge Management & Innovative Systems” at DG CONNECT, European Commission at European Commission
Stay tuned to our website and social media communication!
Every generation has to choose its most suited on and offline environment, and how to feel as comfortable as possible in the trade off of what you receive and what you share.
In this instance it is well possible to argue that in order to protect a particular group, in this case minors ,certain technical measures are justified. It is also possible to argue that these measures cast a net too wide and may have adverse effects. The GDPR should give us answers or maybe needs to be revised itself.
How InDiCo-Global Supports Your Engagement
InDiCo-Global is a Horizon Europe Coordination and Support Action that aims at establishing and strengthening bridges between Europe and partner geographies to coordinate and foster dialogues on digital policies and the standardization activities supporting them.
Visit the InDiCo-Global website to learn more about upcoming activities related to education and contact the project team to discuss a possible involvement.
For more specific information on GDPOR and privacy mail robbert.van.kranenburg at martel-innovate.com
