Five years after coming into force, GDPR is planned to be "fixed" by the European Commission before summer 2023 (see https://www.politico.eu/article/brussels-plans-new-privacy-enforcement-law-by-summer/ for further details). Different from one might expect, the initiative doesn't question any GDPR fundamentals, but rather seems to have a rather limited scope: It will deal with discrepancies in enforcement by different European Data Protection authorities.only (see https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13745-Further-specifying-procedural-rules-relating-to-the-enforcement-of-the-General-Data-Protection-Regulation_en).  The picture whether GDPR is working might look very different from the outside, where some of GDPR's "eternal" fundamentals such as the concept of informed consent or of sensitive data are discussed. We talk with  Daniel Daniel J. Solove. He is Eugene L. and Barbara A. Bernard Professor of Intellectual Property and Technology Law at the George Washington University Law School and founder of TeachPrivacy, a company that provides privacy and data security training programs to businesses, schools, healthcare institutions, and other organizations. We will discuss two recent papers on informed consent and the distinction between sensitive and "normal" personal data.  

Links: 

https://www.danielsolove.com/bio/ 

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4322198 

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4333743