News / Noteworthy

GDPR Working Group: Building Blocks for Data Protection and Use Reform

22. Sep 2025

The TUM Think Tank is launching a high-level working group bringing together experts from regulatory bodies, academia, industry, and civil society to advance the reform of the GDPR. The goal is to present four concrete and legally actionable reform proposals by December 2025 that will both make data protection more effective and facilitate responsible data use for business and society.

Need for GDPR Reform

The General Data Protection Regulation (GDPR) — a central pillar of European data protection law — is increasingly the subject of professional and political debate. In Brussels, Berlin, and elsewhere, more and more voices are calling for an evolution of the GDPR, while citizens are becoming increasingly critical of how data protection is implemented.
 

“The concept of consent has, in its far-reaching and unlimited form, ultimately failed,” argues Louisa Specht-Riemenschneider, Federal Commissioner for Data Protection and Freedom of Information and member of the working group. “The GDPR creates the illusion of a gold standard but far too often leaves affected individuals shamefully alone. Companies that try to comply with data protection law frequently despair over significant legal uncertainty, inconsistent interpretation, and extensive documentation requirements. Those that circumvent the law, on the other hand, too often benefit from weak enforcement.”

The GDPR Working Group at the TUM Think Tank aims to address these challenges by developing concrete proposals by December 2025 to strengthen and make data protection more effective, while also enhancing the usability of data for both economic and societal problem-solving. A complete redesign of the GDPR is not intended. Instead, the goal is to “remain compatible with existing regulations and enable rapid implementation,” explain Kai Zenner and Max Schrems, two of the group’s co-initiators.

“The rapidly evolving digital landscape presents new challenges for data protection law. Therefore, data protection provisions must be reviewed and adapted to keep pace with these developments and ensure both the protection of individuals and the promotion of innovation,” adds Boris Paal, another co-initiator of the working group.

Who we are

The working group brings together experts from academia, practice, regulatory authorities, and civil society. Its members include (in alphabetical order):

  • Christoph Bausewein | Association of Data Protection Officers of Germany (BvD) e.V.
  • Linda Bienemann | Personal Assistant to the Federal Commissioner for Data Protection and Freedom of Information (BfDI)
  • Franziska Boehm | FIZ Karlsruhe & Karlsruhe Institute of Technology (KIT)
  • Stefan Brink | Scientific Institute for the Digitalization of the Working World (WIDA) / Berlin
  • Thomas Fuchs | Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI)
  • Niko Härting | HÄRTING & German Bar Association
  • Peter Hense | Spirit Legal Attorneys-at-Law
  • Boris Paal | Technical University of Munich
  • Frederick Richter | Data Protection Foundation
  • Max Schrems | noyb
  • Louisa Specht-Riemenschneider | Federal Commissioner for Data Protection and Freedom of Information (BfDI)
  • Christiane Wendehorst | University of Vienna
  • Michael Will | Bavarian State Office for Data Protection Supervision (BayLDA)
  • Kai Zenner | MEP Axel Voss, European Parliament & TUM Think Tank

 

 The TUM Think Tank provides the organizational platform for the initiative.
The working group was initiated by Kai Zenner, Max Schrems, Boris Paal, and Markus Siewert.

What we do

In a multi-stage working process, the group is developing concrete policy recommendations in the following areas:

    •  (Further) development of a risk-based approach to the GDPR
    • Simplification of B2B compliance (e.g., Articles 28/29 GDPR)
    • Greater legal certainty through lists of permitted and prohibited data uses
    • Reform options in the area of consent (e.g., Article 6 GDPR)

How we work

Between September and December 2025, several digital working meetings will take place. The process will be complemented by exchange and consultation formats with a broader group of practitioners and stakeholders from politics, business, and civil society.

Our goal is to develop four concrete policy recommendations addressing key challenges in the GDPR and its further development.

Updates on our progress will be shared here on a regular basis; the final results will be presented at a hybrid closing event in Brussels or Berlin in December 2025.

Contact

Markus Siewert | Managing Director TUM Think Tank | markus.siewert@hfp.tum.de 

 

 

Related Projects

Das Government Innovation & Technology Lab ist Münchens Katalysator für Innovationen im öffentlichen Sektor und verbindet Regierung, Wissenschaft und Industrie, um zukunftsfähige Institutionen aufzubauen.

Lab

Kai Zenner tritt dem TUM Think Tank als Fellow of Practice bei, um ein Jahrzehnt europäischer Digitalpolitik kritisch zu analysieren, strukturelle Schwächen zu identifizieren und konkrete Verbesserungen vorzuschlagen. 

Fellowship

Vom Code in den Gerichtssaal

Lab