The European Commission is pushing the Digital Omnibuses, her plans to weaken European law, through the European Union at a extremely rapid pace. Together with Stichting Data Bescherming Nederland (Non Profit Organization Data Protection the Netherlands), we shared our position with the Commision for Digital Affairs from the Dutch House of Representatives and the Commision for Digitalisation from the Dutch Senate.

Speed and attention to detail do not go hand in hand in the legislative process

Contrary to the normal procedure for European Law, which can take years, the European Commision is trying to push her plans to change important European law at a very rapid pace. This damages the laws that have been made carefully and via a democratic process. It also means the European Parliament and the Member States do not get enough time to look at these proposals critically and think about all the possible consequences of these amendments. This weakens the fundamental idea of the democratic legislative process on which the European Union is build.

Together with  Stichting Data Bescherming Nederland (Non Profit Organization Data Protection the Netherlands) we wrote a position paper to the Dutch Senate and the Chamber of Representatives. With it we point their attention to the risks for human rights if these amendments would be passed.

Removing important safeguards

We are worried about the proposal to weaken the term 'personal data'. If the European Commission gets their way, psuedonymised data (data that can be traced to a person with a key), is no longer always personal data. Right now it is.

Psuedonymised data will only be part of the General Data Protection Regulation (GDPR) if it is probable that the party accountable for the processing of the data has the means to trace it back to a person. This is not only very vague, but also hard to check; what makes the data 'personal data' for one processing party, and not for another? Psuedonymised data is not only traceable to a person with a key. Sometimes it is possible to put together who's data it is by the combination of data. For example, if you track someones travel behavior, you can figure out where this person lives. That is why the safeguards that the GDPR put on data are also important for psuedonymised data. Messing around with that brings a lot of (juridical) uncertainty to everyone involved and it makes supervision more complicated.

The obsession to quickly and largely train AI

The European Commission would also like to make it easier to process special categories of personal data when training AI-models. If it is up to the Commission, the parties that process data can safe themselves the trouble of removing this data from a data set if it is too complicated to do so. But the processing of special categories of personal data is in general not allowed. Data about someones ethnicity, sexuality, health, religion or political preference is so sensitive, that the risks for this data falling into the wrong hands, are unacceptably big.

What did we see the past couple years? With the use of AI these risks often come true, for example, people with certain ethnicities or religions get discrimination through profiling algorithms. Therefore it is unfathomable that such an important article from the GDPR, that has links to many constitutional and human rights, would be weakened.

But the obsession of the European Commission to quickly and largely train AI doesn't stop  there. Because of the GDPR, parties that process personal data need to have a legal ground to use this data, like permission, an agreement, or a duty by law. You need to have a good reason to process personal data. Often this is lacking when training or using AI. The solution according to the Commision: fabricate a legal ground for the development and use of AI, by adding a special amendment for this into the GDPR. With this, the use of AI is no longer a means, but a goal.

Put human rights first

The European Commission acts like they propose these amendments to lessen the administrative work load. They say that we don't have to worry about the human rights violations. But that is not true. The amendments have very little to do with lessening the administrative work load while our human right are weakened if these amendments come into effect. Therefore we strongly advice the Dutch government to reject these harmful proposals. They have to remind the European Commission that the interest of the European citizens should be protected over the interest of tech companies.