Canada not likely to follow EU’s proposal to roll back data privacy regulations: lawyers

The EU Commission introduced a proposal to simplify its digital regulatory framework in November

Antoine Guilmain, Julie Uzan-Naulin
By Jessica Mach
Jan 20, 2026

As European Union lawmakers mull a proposal to roll back data privacy rules in an effort to simplify the region’s digital regulatory framework and foster competition, some Canadian lawyers argue that Canada could benefit by following suit – but predict that’s unlikely to happen.

Introduced by the EU Commission in November, the Digital Omnibus is a proposed package of legislative changes that aims to simplify the requirements under the EU’s many digital regulations, including the landmark General Data Protection Regulation and the 2024 Artificial Intelligence Act.

In a memorandum explaining the proposal, the Commission argued that the complexity of the EU’s digital regulatory regime – long considered a benchmark for data privacy and tech regulation – has “sometimes had an adverse effect on competitiveness,” adding that simplified rules would be more “cost-effective and innovation-friendly.”

The proposal has sparked criticism in the EU. Some have argued that the changes under consideration – which include pushing back compliance deadlines, reducing the types of circumstances in which companies must notify consumers or local data authorities about how data is being used, and more – would erode protection for human rights and weaken the EU’s position as a global leader in tech regulation. Others, including watchdogs, have meanwhile noted that the proposal follows substantial pressure from major US tech companies and the Trump administration to cut back on digital regulations, particularly with respect to AI.

However, some Canadian lawyers argue that the European Commission’s proposal could help strike a more workable balance between digital protections for individuals and easing compliance burdens for companies – or even serve as a model for Canadian lawmakers as they continue to consider a replacement for the decades-old Personal Information Protection and Electronic Documents Act.

Across the Atlantic, “they are trying to simplify and reduce the burden on organizations in terms of compliance,” says Antoine Guilmain, a partner at Gowling WLG who co-leads the firm's cyber security and data protection law group. “And I think in Canada, we should do the same.

“We should be very mindful of protecting the personal information of Canadians. That’s not even in question,” Guilmain says. However, he adds that it’s also important that “there is not a form of overregulation where we are asking too much of organizations for ultimately a limited impact in terms of [protecting] individuals.”

Julie Uzan-Naulin, a partner at Fasken Martineau DuMoulin LLP who is a member of the firm’s privacy and cybersecurity group, agreed that the European Commission’s proposed regulatory changes would be easier for companies to manage. She says they could especially offer relief to small and medium businesses, which often have fewer resources to navigate the EU’s various digital rules.

Uzan-Naulin argues that the proposal – at least in its current form – could potentially boost protections for individuals, too. “If it is easier for companies to comply, individual rights would be more protected,” she says.

While the EU’s digital regulatory regime – especially the GDPR – has long served as a model for data privacy and security rules across the globe, neither Guilmain nor Uzan-Naulin is aware of any other jurisdictions currently following the precedent set by the European Commission’s proposal to roll back regulations.

In Quebec, where landmark data privacy legislation took effect in 2023, the opposite has happened. Uzan-Naulin notes that Law 25, or the Act to Modernize Legislative Provisions as Regards the Protection of Personal Information, updated the province’s privacy rules in response to new technologies and is modelled in part on the GDPR.

However, Guilmain argues that the Quebec law “is in many ways more stringent than what they have in the EU.”

Uzan-Naulin expects a similar development on the federal level. “The idea in Canada is more to have a new modernized law,” – meaning one that takes into account new technologies like AI – “rather than rolling back on privacy [regulations].”
