Critics state the plans would weaken key privacy protections
Privacy campaigners have criticised the European Commission’s plans to overhaul the bloc’s digital privacy and AI rules, accapplying officials of bowing to lobbying pressure from Big Tech firms and undermining the landmark General Data Protection Regulation (GDPR).
The proposals, due to be unveiled on 19 November as part of a legislative package known as the “Digital Omnibus”, would amfinish existing laws on AI, cybersecurity, data protection and privacy. The Commission states the reforms aim to reduce red tape and ease compliance burdens for compact businesses.
Critics state the plans would instead weaken key privacy protections and open loopholes that could allow large technology and advertising companies greater freedom to exploit personal data.
“One part of the European Commission (EC) seems to test overrunning everyone else in Brussels, disregarding rules on good lawbuilding, with potentially terrible results,” stated Max Schrems, founder of privacy group Noyb.
A leaked draft of the proposals, first reported by MLex and published by Noyb, outlines multiple modifys that privacy advocates state would undermine the GDPR’s original intent.
One measure would relax rules on pseudonymised data, information stripped of direct identifiers such as names or email addresses. Under current law, such data must still be treated as personal if it can be traced back to an individual. The new draft would rerelocate that stipulation, allowing companies to apply it more freely for commercial purposes.
“This could apply to almost all online tracking, online advertisement, and most data brokers,” Noyb stated.
Another amfinishment would limit individuals’ ability to access, correct or delete their personal data. The proposed “purposes limitation” could enable organisations to reject access requests deemed “abusive.”
Noyb stated this could be applyd by employers to block employees seeking records for labour disputes, or by companies to deny journalists and researchers information.
The draft also seeks to narrow the definition of sensitive personal data, such as health status, sexual orientation and political opinions. Under the proposed language, protections would apply only to data that “directly reveals” such traits, excluding information inferred from other data sources.
Privacy advocates warned this could allow employers or advertisers to infer pregnancies, sexual orientation or political leanings from indirect indicators without triggering legal safeguards.
AI loopholes
The reforms extfinish to the EU’s AI Act, which launched taking effect last year.
Technology companies have argued that the rules are too restrictive on innovation.
Under the leaked draft, AI systems would be allowed to process personal data on the basis of “legitimate interest”, potentially avoiding the necessary for explicit legal consent required under Article 6(1) of the GDPR.
The proposals also appear to create it simpler for companies to apply personal data to train AI models, provided they follow unspecified “safeguards” such as data minimisation.
Noyb warned that without clear definitions, this could allow companies to collect more information from applyrs’ devices under broad justifications like “security” or “aggregated analysis.”
A European Commission spokesperson confirmed the plans are being prepared for presentation next week but denied that they are intfinished to weaken privacy protections.
“Simplification has been a priority for this Commission,” the spokesperson stated.
“We want to assist European companies remain competitive globally and strengthen Europe’s technological sovereignty.
“The aim is to create the GDPR more operational, not to weaken it. However, no formal decisions have been taken at this stage.”
Leave a Reply