Association of DPO Czech Republic Supports the Open Letter from NOYB, EDRi, and ICCL

Association of Data Protection Officers of the Czech Republic Supports the Open Letter from NOYB, EDRi, and ICCL on the European Commission's "Digital Omnibus" Working Proposal

The Association of Data Protection Officers of the Czech Republic draws attention to the European Commission's working proposal entitled "Digital Omnibus". This document is intended to be part of measures to simplify regulated environments in the EU. However, according to the opinions of numerous experts associated with organizations dealing with data protection, the current proposal represents a fundamental weakening of existing personal data protections and the rights of European citizens.

In an open joint letter, the organizations NOYB, EDRi, and ICCL state that the proposed changes aim to weaken key parts of the GDPR, ePrivacy, and AI Act, which could significantly reduce the level of data protection for EU citizens. The letter describes specific risks to privacy protection in the digital world, resulting from redefinitions of basic concepts, limitations on the protection of special categories of data (for example, political opinions, health, sexual orientation), and the introduction of massive exceptions for companies, particularly in the area of AI.

NOYB, EDRi, and ICCL further point out the insufficient consultation of the proposed changes, the lack of supporting materials and impact analyses, and ultimately the circumvention of democratic oversight; similar tendencies to weaken protective rights are also appearing in other areas (for example, consumer protection). The entire "Omnibus" procedure thereby shortens the space for parliamentary oversight and public discussion. The signatories of the letter call on the Commission to back away from these changes and to handle any reforms within the standard "Digital Fitness Check" process, not through an accelerated procedure.

The Association of Data Protection Officers of the Czech Republic fully identifies with the open letter from the organizations NOYB, EDRi, and ICCL. According to the opinion of the Association of Data Protection Officers of the Czech Republic, the Commission's mentioned proposal abandons the principles of good governance in digital agendas, the duty of due care for digital data, including personal data, and weakens the practical possibilities for their protection. As an example, pseudonymization can be cited, which has so far been one of the basic security tools in processing personal data. The Commission now views the existence of pseudonymized data sets in its proposal more as a reason for future exclusion from the application of the GDPR.

The Association of Data Protection Officers of the Czech Republic is a professional organization in the field of personal data protection and processing, and its activities are focused on the daily practical management of personal data in many areas of business and the public sector. In the proposed deregulation, the APČR misses guidance on simplifying everyday rules, removing bureaucracy, or harmonizing digital regulations within the EU. In this context, it is necessary to recall the intention to introduce clear exceptions for small and medium-sized enterprises, which even after several years of the GDPR's existence has not been brought to life. Nor is it included in this Commission proposal; on the contrary, the introduction of exceptions from obligations to protect personal data for digital corporations and Big Tech is proposed.

The initiative has been supported by more than 100 organizations across Europe. The Association of Data Protection Officers of the Czech Republic thereby also joins the open letter.