
"The European Commission is set to unveil its Digital Omnibus package on Nov. 19, a sprawling reform effort pitched as a clean-up of Europe's digital regulatory landscape. However, leaked drafts and consultations suggest the package may go far beyond tidying up. The Omnibus appears poised to amend core sections of the EU's General Data Protection Regulation, relax limits around AI training, and soften some of the consent-centric features that defined Europe's privacy approach for nearly a decade."
"Narrowing the definition of "personal data." Pseudonymous identifiers may fall outside GDPR unless they directly identify an individual. Limiting data-subject rights. Access and deletion requests could be denied unless made "for data-protection purposes." Reducing protections for sensitive data. Strong safeguards would only apply when data explicitly reveals a characteristic - not when such traits are merely inferred. Creating a "legitimate interest" basis for AI training. Companies could train models on personal data, including pseudonymized data, without opt-in consent."
A comprehensive Digital Omnibus package will amend multiple EU digital rules at once, including GDPR, the AI Act, ePrivacy, the Digital Services Act, NIS2, and the Digital Operational Resilience Act. Expected reforms narrow the definition of personal data so pseudonymous identifiers may fall outside GDPR and limit access and deletion rights to requests made for data-protection purposes. Protections for sensitive data would focus on explicitly revealed characteristics rather than inferred traits. The package would create a legitimate-interest basis for AI training on personal and pseudonymized data without opt-in consent, merge some ePrivacy permissions into GDPR, raise systemic-risk thresholds for large AI models, and streamline cybersecurity reporting.
Read at Digiday