Compared to Trump’s nation-ending level of incompetence, it’s hard to do much wrong. But thinking that way is a trap.

Ireland recently hired Niamh Sweeney, an ex-Meta lobbyist, as Data Protection Commissioner – the highest rank in the EU’s lead supervisory authority for BigTech’s compliance with the GDPR – even though Sweeney doesn’t have any proven experience in GDPR enforcement or technical expertise.

Sweeney has two degrees in journalism and was leading Meta’s lobbying activities in Europe during the years of the Cambridge Analytica scandal. Likely, her prior employment at Meta is covered by a non-disclosure agreement which contractually prohibits her from ever bad-mouthing the company. That was the case for Careless People author, Sarah Wynn-Williams, who worked at Meta during the same years and is now on the verge of bankruptcy due to Meta’s court orders (The Guardian).

See the complaint filed against Ireland to the EU Commission by the Irish Council for Civil Liberties here.

The conflict of interest is so obvious that one can only wonder whether GDPR was used as a bargaining chip for EU politicians to exchange money with BigTech under the table. It’s getting close to Trump-level incompetence and I don’t say that lightly.

If Trump does not manage to ensure a third term in the White House and escapes impeachment, he may be a perfect candidate for the role of EU Commissioner overseeing GDPR and the Digital Omnibus. I mean, why not? If the EU is indeed looking to deregulate and pull back from its role as the global tech regulator (as per Politico), who would be more efficient to carry out that task than the orange bulldozer of democracy?

The current EU Commissioner in charge of overseeing the GDPR and the Digital Omnibus is Michael McGrath, former Minister for Finance in Ireland, who believed – contrary to the Court of Justice of the European Union – that Apple should be allowed to pay a tax amount in the EU of 0.005% in 2014 (Breaking News.ie).

In this context, the controversial Digital Omnibus package that was presented by the EU Commission on November 19 has attracted a lot of attention. I honestly can’t tell if the proposed measures are as bad as privacy activists make them out to be. Here is Daniel Leufer in Tech Policy Press:

“What all of these changes point to is a shift away from empowering people and towards granting discretion to business. What makes the GDPR truly disruptive is that its rights-based approach puts power into the hands of data subjects, of people, and gives them tools to fight back against tech giants, powerful government agencies, and anyone else who uses their data to surveil, track or control them. In a broad sense, shifting towards a risk-based approach to digital regulation tends to allow discretion to powerful actors and creates a maze of loopholes, exemptions, and exceptions that all, ultimately, function as ways for powerful actors to avoid accountability.”

Is it really true, though? When reading through the Digital Omnibus, I don’t get the sense that the EU Commission is actively seeking to enable American BigTech’s further invasion of Europe, even though the recent hire of Niamh Sweeney as one of the EU’s leading privacy enforcers may suggest otherwise.

The major problem with EU’s suite of digital laws is that they are much too complicated to read and understand, even for people with a European law degree. This complexity makes them difficult to enforce. Further, the laws place a large burden on smaller European companies, while BigTech can easily shoulder the price of lawyers, compliance people and lobbyists who can challenge, interpret and water down the regulations to the companies’ benefit. That is a legitimate and well-recognized problem the EU needs to solve. The Digital Omnibus is intended to be a step in that direction.

While tech in the US is defined by technologists, tech in the EU is defined by an intellectual elite who love nothing more than to make up complicated terms, acronyms and concepts that common business owners have no chance of keeping up with. There is a wide discrepancy between the reality of doing business in the EU and the complex digital frameworks that academics with horn-rimmed glasses working from medieval universities staunchly defend.

That being said, I don’t think the Digital Omnibus is closing the gap between technologists and the intellectual elite of Europe. On the contrary, the proposed “simplifications” appear to create more complexity and confusion. Notably, the Digital Omnibus proposes that data controllers can use personal data for AI training purposes with reference to “Legitimate interest” as a legal basis. This change will primarily benefit Big Tech. Otherwise, many of the proposed changes appear cryptic, vaguely worded, limited in scope, and seem non-reformative overall. It’s nearly impossible to imagine how the proposed changes - namely to the GDPR - can have a distinct positive impact on the EU’s startup industry or the broader EU economy.

For a full breakdown, I recommend “Digital Omnibus: First Analysis of Select GDPR and ePrivacy Proposals by the Commission” recently published by the privacy watchdog, noyb. Concrete recommendations for changes to the text will be published by noyb in the coming weeks.