The European Commission has unveiled controversial proposals to overhaul the bloc's digital rulebook, prompting accusations of a massive rollback of digital protections from civil rights groups.
Streamlining Europe's Digital Landscape
As part of its new "digital omnibus" initiative, the Commission aims to simplify multiple tech regulations including the General Data Protection Regulation (GDPR), the AI Act, the ePrivacy directive and the Data Act. The plans come after former Italian prime minister Mario Draghi's warning last autumn that Europe had fallen behind the United States and China in innovation and emerging technologies like artificial intelligence.
EU Economy Commissioner Valdis Dombrovskis told journalists at a press conference that "Europe has not so far reaped the full benefits of the digital revolution" and cannot afford to keep falling behind in a rapidly changing world. He estimated the measures would save businesses and consumers approximately €5 billion in administrative costs by 2029.
Key Changes to Data and AI Regulations
The proposed changes would make it significantly easier for technology companies to use personal data for training AI models without obtaining explicit consent. Additionally, the Commission hopes to address widespread "cookie banner fatigue" by reducing how often internet users must give permission for online tracking.
Regarding the AI Act, which came into force in August 2024 but doesn't yet fully apply to companies, the Commission confirmed intentions to delay implementation of central provisions. Companies developing high-risk AI systems - those posing potential dangers to health, safety or fundamental rights, such as exam scoring or surgical AI - would receive up to 18 months longer to comply with the regulations.
Mixed Reactions from Stakeholders
European Digital Rights (EDRi), a pan-European network of non-governmental organisations, described the proposals as "a major rollback of EU digital protections" that risk dismantling fundamental human rights and technology policy foundations. The organisation expressed particular concern that GDPR changes would permit unchecked use of intimate personal data for AI training and allow businesses to access phone and browser data without permission through broad exemptions to online privacy rules.
Meanwhile, business groups welcomed the moves but argued they don't go far enough. The Computer and Communications Industry Association, representing major tech firms including Amazon, Apple, Google and Meta, stated that "efforts to simplify digital and tech rules cannot stop here" and urged a more comprehensive review of the EU's entire digital rulebook.
The Commission's Vice President for tech policy, Henna Virkkunen, rejected suggestions that Brussels was responding to US pressure, emphasising that the focus is on supporting European startups and small to medium-sized enterprises rather than large tech corporations. She also defended against claims of watering down the AI Act, stating action was necessary to prevent European startups from relocating to other jurisdictions.
Regarding cookie reforms, Virkkunen noted that "we can all agree we have spent too much of our time accepting or rejecting cookies," promising that new rules would ensure simpler one-click consent while maintaining user control over personal data.
Like other simplification proposals affecting environmental, supply chain and agricultural regulations, the digital omnibus will require approval from both EU ministers and the European Parliament before implementation.
