New statutes can of course "violate" existing case law. This is usually the point of changing the law...
More to the point, there is two decades of case law supporting a broad and nuanced understanding of what constitutes "personal data". This proposal runs rough-shod over this established precedent in its entirety and is in clear violation of both CJEU case law and Article 8(2) of the Charter as regards the right to informational self-determination.
piltdownman•2mo ago
Narrowing "Personal Data" Definition: Companies could argue data isn’t "personal" if they can’t identify individuals, exempting them from GDPR compliance.
Weakening Data Subject Rights: Rights like access, deletion, and correction could be limited to "data protection purposes," blocking their use in labor disputes, journalism, or research.
AI Training Free Pass: Tech giants (Google, Meta, OpenAI) could use Europeans’ personal and sensitive data for AI training with minimal safeguards.
Reduced Protection for Sensitive Data: Health, political, and sexual orientation data would only be protected if "directly revealed," not if deduced.
Remote Device Access: Companies could pull data from users’ devices for vague purposes like "security" or "statistics," risking invasive data collection.
tl;dr Germany is again pushing for macro-level EU reforms that bypass legislative safeguards, violate existing precedent, and disenfranchises EU Citizens in favour of BigTech. The legitimacy of GDPR as a democratic safeguard against Corporate Malfeasance will be effectively nullified in one fell swoop.