The European Commission is preparing a sweeping “digital simplification” package that could reshape the core foundations of EU data protection in the name of accelerating artificial intelligence development. According to early details of the proposal, Brussels aims to streamline how companies process data, reduce cookie-banner fatigue, and allow limited use of sensitive information to speed up the deployment of AI services across the bloc. While supporters see a long-overdue modernization, critics warn it may undermine the very principles that made the GDPR a global privacy benchmark.
POLITICO reports that the draft, dubbed the “digital omnibus,” outlines targeted amendments to the GDPR. One of the most controversial ideas is granting AI companies explicit permission to work with “special categories” of data—including information on health, ethnicity, and other sensitive attributes—under tightly defined circumstances. The plan also proposes simplifying the handling of data where names are replaced with codes and expanding legal grounds for user tracking online, with the goal of reducing Europe’s dependency on constant consent banners.
Opponents argue that these moves represent a direct challenge to the red lines that have protected Europeans’ privacy since 2018. Former GDPR co-architect Jan-Philipp Albrecht warned that opening up the regulation could spark a “political explosion,” as privacy protections are widely seen as sacrosanct. Prominent Austrian privacy advocate Max Schrems criticized the proposal as a rushed, poorly drafted shortcut that lacks comprehensive impact assessments. Civil society groups have also voiced concerns, saying consultations are moving too fast for such far-reaching changes.
Supporters counter that strict interpretations of the GDPR have repeatedly delayed or blocked the rollout of AI features in Europe. They argue that clearer rules would make the EU more competitive globally, particularly against the United States, which lacks a federal equivalent to the GDPR. Businesses, meanwhile, welcome the promise of fewer bureaucratic hurdles and fewer intrusive cookie banners, which have become symbolic of consent fatigue and lost trust.
EU capitals are split. Estonia, France, Austria, and Slovenia reportedly oppose reopening the GDPR, while Germany is pushing for broader flexibility to support AI. Inside the European Parliament, some lawmakers warn that the reforms could narrow fundamental rights, while others embrace the initiative as a way to give European researchers and companies a fair chance without ceding ground to “third countries.”
The legislative process is just beginning. Once the package is officially submitted, negotiations will unfold between the European Parliament and the Council. Even if the text is presented on November 19, the details are likely to change significantly. Without a carefully balanced compromise between innovation and privacy, the proposal risks stalling for months—or longer.
Conclusion:
If approved, the reform would mark the first modification of the GDPR since its adoption in 2018. It could give Europe’s AI sector clearer rules and fewer procedural barriers, helping companies innovate faster. Yet it would also require stronger oversight to ensure that sensitive data and online tracking are not misused. The EU now faces a defining choice: how to promote cutting-edge AI while staying true to its commitment to protecting fundamental rights.
