A coalition of 127 civil society organizations and trade unions has come together to express their opposition to proposed modifications that they believe could significantly undermine the European Union’s data protection and privacy legislation, particularly the General Data Protection Regulation (GDPR).
In an open letter dated this week, these groups voiced “serious alarm” over the upcoming EU Digital Omnibus proposals, which they see as part of a broader deregulation effort. They argue that what is being marketed as a ‘technical streamlining’ of EU digital laws is, in fact, a covert agenda aimed at dismantling some of Europe’s strongest protections against digital risks.
“These protections are essential for safeguarding personal data, holding governments accountable, and preventing artificial intelligence (AI) systems from determining pivotal life opportunities. Ultimately, they are vital for ensuring that our societies are free from uncontrolled surveillance,” the letter states.
Concerns regarding the Digital Omnibus proposals were previously raised by many of these organizations earlier this year. However, with the European Commission expected to present a comprehensive proposal soon and indications that draft legislation could dramatically weaken GDPR alongside other privacy measures, the coalition has intensified its efforts.
Potential Weakening of GDPR and AI Regulations
According to analysis from Netzpolitik, the proposed changes in the Digital Omnibus may lead to a “significant reduction” of GDPR protections aimed at allowing greater usage of personal data. This could include easing the conditions for training AI systems on individuals’ personal information.
The restrictions on online tracking and cookies are also poised to be relaxed. Currently, storing or reading non-essential cookies on users’ devices requires explicit consent, but the new proposals would open up the entire spectrum of legal bases provided by the GDPR, allowing companies to claim legitimate interests. Users may only have the opportunity to opt out retroactively, marking a departure from previous consent requirements.
Article 9 of the GDPR, which deals with special categories of sensitive data such as ethnicity, political beliefs, and health information, may also see changes. Netzpolitik highlights that the Commission’s efforts may focus on narrowing the definition of sensitive data; only direct disclosures of such information would receive special treatment. For example, if an individual’s sexual orientation is inferred from their interests rather than explicitly stated, it may no longer be protected under current regulations.
However, protections surrounding genetic and biometric data are expected to remain largely unchanged due to their unique nature and significance.
Concerns Over an ‘Opaque’ Legislative Process
The coalition of 127 civil society organizations and trade unions has accused the Digital Omnibus process of being conducted in a “rushed and opaque” manner, aiming to avoid democratic scrutiny. They argue that this has been a trend in other Omnibus proposals, which have led to harmful outcomes disguised as minimal changes under the guise of simplification.
The groups contend that the Digital Omnibus could erode the existing rules designed to prevent companies and governments from conducting constant tracking of individuals on their devices—an essential part of the ePrivacy framework. This could make it easier for those in power to monitor people’s actions across their phones, cars, or smart homes, revealing sensitive details about their movements and associations.
Moreover, the coalition fears that proposed changes to EU AI legislation may also weaken current safeguards aimed at ensuring safe and non-discriminatory AI practices while delaying penalties for the sale of dangerous AI systems.
At present, AI technologies that impact key decisions must be registered in a public database. However, under the proposed legislative shifts, providers of such AI tools could evade obligations without any public oversight, masking their activities from authorities and the public alike.
In their letter, the coalition warned that recasting important regulations like GDPR, ePrivacy, and the AI Act as mere “red tape” serves the interests of powerful corporate and governmental entities that oppose a fair and safe digital environment. They urged the European Commission to refrain from making any adjustments that would undermine the core digital rights protections enshrined in these frameworks.
