Wenn die Reform dreimal klingelt - Once reforms come knocking thrice

The Article “Wenn die Reform dreimal klingelt” (paywall) must be read in context. Even though experts requested material overhaul of the GDPR, the European Commission repeatedly and consistently refused to start any process thereof. If at all, GDPR would only face procedural adjustments. 

Post the landmark decision EDPS v. SRB (read a high level analysis of the judgement, a dedicated article about its impacts on core terminology), the European Commission apparently has altered its mind. In total there are three reforms ongoing or just implemented. This article analysis the impact of such reform initiatives and to what extent such reforms are expected to have positive effects. 

The spotlight is on the European Commission's current reform efforts in order to assess whether the reform proposals can adequately resolve the practical challenges posed by the GDPR and its implementation through ECJ case law. It should be noted that the omnibus package for the simplification [and standardisation] of the digital legal framework2 is at too early a stage for conclusive and detailed analysis. 

Nevertheless, the article is devoted to an analysis, as the proposal's objectives are sufficiently concrete to be identified and classified.  Insofar as the proposals envisaged in the reform efforts may be insufficient, the article concludes with suggestions for (fundamental) adjustments that could achieve the objectives more effectively.

The conclusion is ultimately drawn that the GDPR offers considerable potential for avoiding unnecessary formalities. In this respect, the European Commission's objectives are also considered reasonable. 

The specific implementation, however, is in some cases called into question. Either in terms of whether the objective can be achieved based on the specific design and legal implementation, or whether the selected aspects and implementation ideas are even suitable in principle. 

In particular, the article elaborates on the concept of further developing the definition of personal data, as the current definition is considered too broad and insufficiently differentiated for modern challenges. Based on this, a new structure for the relationship between Art. 6 and Art. 9 GDPR is proposed. In the context of transparency obligations, a complete rethink is suggested, with a focus on information that is actually relevant to data subjects.