Europe may roll back some of its strict privacy rules

Published: 13 February 2026
brussels_scroll_metro_luggage
Girl looks at her phone sitting on a suitcase in Brussels-Central railway station. T. Monasse/Getty.

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) are concerned that the Digital Omnibus goes far beyond a technical amendment of the General Data Protection Regulation (GDPR). Instead, the European supervisors feel it will affect individuals’ fundamental rights.

In November 2025, the European Commission introduced the Digital Omnibus, a set of proposals to simplify the existing rules on AI, cybersecurity, and data protection.

The executive branch of the EU intends to change the definition of personal data. The proposal allows the processing of special categories of personal data for verification purposes. It also stipulates that ‘legitimate interest’ should be a legal basis for developing and training AI models.

ADVERTISEMENT

In addition, the Omnibus aims to introduce a single entry point where companies can report cybersecurity incidents. Currently, businesses and organizations have to report these incidents to numerous authorities under several laws, including the NIS2 Directive, the General Data Protection Regulation (GDPR), and the Digital Operational Resilience Act (DORA).

Furthermore, the proposal allows for automated decision-making, for example, when job seekers apply for a job. The time to report a data breach to the authorities will be extended from 72 hours to 96 hours.

resume_man_cv_paper_digital
Man sitting at a wooden table, working on his digital CV using a tablet. Next to him, a printed resume is placed on the table, serving as a reference. Nico De Pasquale Photography via Getty Images.

The European Commission claims that adopting the Digital Omnibus will strengthen the EU’s competitiveness and make it easier for companies to operate within the EU. On the other hand, European privacy supervisors feel it will weaken European citizens’ rights.

“Simplification is essential to cut red tape and strengthen EU competitiveness, but not at the expense of fundamental rights. We welcome the Commission’s steps toward greater harmonization, consistency, and legal certainty. However, we strongly urge the co-legislators not to adopt the proposed changes in the definition of personal data, as they risk significantly weakening individual data protection,” Anu Talus, Chair of the EDPB, said in a statement.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In response, Max Schrems, Chairman of the Austrian privacy advocacy group noyb, states that the feedback of the EDPB and EDPS is “a major blow” for the European Commission’s attempt to limit the rights of users.

“The independent authorities have called out key changes for what they are: neither ‘technical’ changes nor ‘simplification,’ but limitations of the right to data protection for EU residents,” Schrems says.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Meta has quietly shipped the technology needed for facial recognition glasses
Hackers getting an easy ride: misconfigured cloud settings behind growing number of data breaches
Anthropic claims AI is too fast and needs to hit the brakes: let’s take it with a pinch of salt
US lawmakers push new bill on AI safety, state law limits, worker protections
Pewdiepie declares war on big tech following the release of his free and local AI workspace
California tech CEO busted for selling forbidden US technology to Iran’s nuclear agency
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked