Europe’s data protection laws need updating to take into account increased remote working and new technologies, according to a politician who was a driving force behind the legislation.
Axel Voss, in an interview with the Financial Times this week, suggested the General Data Protection Regulation (GDPR) is now out of date.
“We have to be aware that GDPR is not made for blockchain, facial or voice recognition, text and data mining… artificial intelligence,” said the German MEP.
He added that, if enforced to the letter, it represented a minefield for people working outside their offices and using software that authenticates them for a host of services with a single login.
“If you have a home office situation and you’re dealing with personal data, you are left alone with numerous legal obligations that are difficult to understand. What are the requirements for dealing with data protection in a private home?” Voss said.
He said his view, that the rules needed to be revised “in a very detailed way”.
However, Dutch MEP Sophie in’t Veld said the law is fit for purpose. She said: “GDPR is a very general piece of legislation that leaves lots of flexibility for implementation.”
Responding to the comments, Rohan Massey of law firm Ropes & Gray, wrote: “As we approach the third anniversary of the GDPR’s implementation perhaps instead of looking to update it we should be giving regulators more time to evolve the legislation through enforcement.
“A considered consensual and pragmatic approach to enforcement, focusing and, where necessary, punishing non-compliance in areas of concern while not over-blowing technical infractions would be a great start in achieving the aims of the GDPR and protecting the fundamental rights of individuals.”
Voss’ comments came ahead of a vote in the European Parliament to celebrate the law as a “gold standard for the world.”
Learn more about GDPR at PrivSec Global on 23 to 25 March.