Titre : From Compliance to Innovation – Reforming the GDPR for Tomorrow’s Technologies
Auteurs : Yann Padova & Sebastian Thess
Résumé
The General Data Protection Regulation (“GDPR”) remains one of Europe’s most visible regulatory achievements, but its future is now debated against the backdrop of a fast-changing geopolitical and technological landscape. The role of the European Union (“EU”) as a global standard-setter is challenged by the United States’ dominance in artificial intelligence (“AI”) development, China’s rapid state-backed advances, and the risk that Europe could turn into a regulatory power without sufficient digital innovation of its own to propel it into the future. At the same time, a growing number of policymakers, regulators, and stakeholders recognise that the current EU digital rulebook — which is complex, overlapping, and often burdensome for small and medium-sized enterprises — may hinder competitiveness. While one could argue that the GDPR’s extraterritorial reach and its global dissemination through the so-called “Brussels effect”mitigate the competitive regulatory disadvantage faced by EU-based companies, such impacts remain partial and uneven in practice. Indeed, neither do they constrain how non-EU companies process data outside the EU context or in inadequate jurisdictions, nor do they offset the structural asymmetry whereby EU-based companies remain subject to GDPR obligations across their global operations. As a result, EU-based firms continue to face a meaningful structural disadvantage in data-driven innovation, even if that disadvantage is nuanced. The sense of urgency has already triggered reform efforts, from the European Commission’s simplification package to high-profile proposals by major stakeholders.
In this context, reforming the GDPR seems not only necessary, but also unavoidable. However, to be successful, the reform should refrain from a wholesale reopening of the GDPR and instead focus on selective and targeted revisions aimed at aligning the GDPR more closely with Europe’s strategic objectives: safeguarding fundamental rights, enabling responsible innovation, and strengthening digital competitiveness.
This paper responds to that challenge in two steps. First, it analyses the reasons why a reform is needed and identifies the key goals that should guide it. Second, it puts forward five pragmatic recommendations for a reform taking into account the Omnibus package released by the European Commission on 19 November 2025: (1) realigning GDPR restrictions with AI-development needs; (2) empowering innovation through sandboxes and Codes of Conduct; (3) streamlining risk assessments across the EU’s digital rulebook; (4) harmonising requirements such as EU incident-reporting obligations; and (5) improving regulatory cooperation. Taken together, these proposals chart a course for the GDPR to uphold trust and strong protection of fundamental rights while actively empowering Europe’s digital tomorrow and ensuring the GDPR remains future proof.
Lire l’article 

Yann Padova & Sebastian Thess, « From Compliance to Innovation – Reforming the GDPR for Tomorrow’s Technologies » (2026) 31-1 Lex Electronica, 107-135. En ligne : https://www.lex-electronica.org/s/3686.