Report finds GDPR simplification will boost EU competitiveness

A new report by Clifford Chance, sponsored by Amazon, investigates the economic impact of the EU General Data Protection Regulation (GDPR) on the EU economy. The research, by Professor Francesco Decarolis and Cristiana Firullo, concludes that while the GDPR has successfully advanced data protection standards, this has come at a significant and uneven economic cost.

The report highlights substantial recurring legal and operational compliance costs. At the same time, the GDPR has led to increased data acquisition costs, reduced cross-border data flows, along with a measurable slowdown in venture capital investment and innovation within data-driven industries. Furthermore, increased user data rights have only partially translated into tangible welfare gains.

The paper also identifies that national data protection authorities (DPAs) interpret and enforce GDPR rules differently, weakening the one-stop shop mechanism and generating fragmentation and uncertainty, thereby eroding the single market’s coherence. Rather than advocating for wholesale reform, the report proposes incremental institutional improvements to restore proportionality and predictability. Policy options discussed include measures that ensure DPAs support EU competitiveness, innovation, and growth; make codes of conduct and certification easier to understand and more affordable; harmonise GDPR rules across EU countries; implement evidence-based, targeted GDPR reforms; and simplify GDPR compliance obligations for smaller businesses, particularly those in low-risk data sectors.

In related news, an op-ed by MEP Arba Kokalari in The Parliament argues that for the EU to become an artificial intelligence (AI) continent, it must shift focus from new regulation to innovation and digital simplification. While the Digital Services Act (DSA) and the Artificial Intelligence Act (AI Act) have established global tech rules, the EU risks losing competitiveness if its regulatory environment is not made fit for purpose.

The MEP calls for a holistic approach to the EU's digital rulebook, noting that businesses should not require more lawyers than engineers for compliance. Policymakers must streamline and clarify legislation to reduce bureaucratic burdens and regulatory overlaps, especially for SMEs.

Training Announcement: Freevacy offers a range of independent data protection qualifications from IAPP and BCS. Our certified courses are available at foundation and practitioner levels and cover multiple legal jurisdictions, data protection operations management, and the implementation of complex privacy solutions in technical environments. Find out more.