A German data protection officer, Louisa Specht-Riemenschneider, has expressed her support for less digital regulation for the mid-sized businesses. In a guest article for the “Tagesspiegel Background” on Thursday, Specht-Riemenschneider wrote that many companies already lack the capacity to identify which regulations apply to them and which do not. She believes that the mid-sized businesses should be partially exempt from the digital regulation obligations.
Specht-Riemenschneider suggests that there should be “increasing and decreasing obligations according to the company size”. She mentions specific provisions of the EU’s AI Act, Data Act, or Data Governance Act as possible examples. The data protection officer wishes for a regulation that “binds the large more strongly than the small”.
With each new legal act, it becomes more complicated, according to Specht-Riemenschneider. “The large players may laugh about it or simply ignore the rules, start-ups and mid-sized businesses simply do not have the capacity to fulfill all their obligations from this regulation”, she said.
Specht-Riemenschneider has been the federal data protection officer since September 2024, previously being the holder of the chair for civil law, data economy, data protection, digitalization and artificial intelligence at the University of Bonn.