EU proposal could reduce Europeans’ control over personal data

Published: 6 January 2026
Last updated: 6 January 2026
wooden lock eu belgium
Image by Cybernews.

Belgian consumer interest group Test Aankoop is sounding the alarm about the European Commission’s plans to simplify the General Data Protection Regulation (GDPR).

In November 2025, the executive branch of the European Union introduced the Digital Omnibus, a set of proposals to simplify the existing rules on AI, cybersecurity, and data protection.

One of the Digital Omnibus’s goals is to establish a single entry point for companies to report cybersecurity incidents. Currently, businesses and organizations are required to report these incidents to multiple authorities under various laws, including the NIS2 Directive, the General Data Protection Regulation (GDPR), and the Digital Operational Resilience Act (DORA).

ADVERTISEMENT

By establishing a single entry point, it should become easier for companies and organizations to comply with the various reporting requirements.

In addition, the executive branch of the EU aims to establish an “innovation-friendly privacy framework” to “harmonize, clarify, and simplify” rules to boost innovation and support compliance by organizations while keeping the core of the GDPR intact.

hand-with-weak-biceps-gdpr
Image by Cybernews.

Test Aankoop points out that the proposed changes could, in fact, weaken consumers’ privacy protection. As of writing, the GDPR prohibits companies from collecting and using users’ personal data without their explicit consent.

However, the Digital Omnibus enables tech companies to invoke a “legitimate interest” and use user data without prior consent for training AI models.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In addition, the European Commission proposes to postpone certain core rules of the AI ​​Act. For example, the Commission wants to establish a transition period until 2028 for certain categories of high-risk AI.

The Belgian consumer advocacy group also claims that certain transparency obligations will be removed, including the registration of these systems in a European database. Lastly, the European Commission wants to centralize oversight at the European AI Office.

Test Aankoop also raises concerns about the European Commission’s plans for cookie banners. The Commission aims to enable Europeans to express their preferences with a single click and save them in their web browser or operating system.

ADVERTISEMENT

“On paper, surfing would be smoother. But the danger is real: the lack of a refusal could be interpreted as consent, weakening your real control over your data,” the interest group argues.

This would be a real shift in thinking about the GDPR, which for years was considered the global benchmark for privacy and data protection.

“The stakes are clear: can Europe remain a leader in data protection while simultaneously accelerating in the field of artificial intelligence? Or do we risk seeing our digital rights as citizens gradually sacrificed in the name of competitiveness?” the Belgian consumer group concluded.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT