Deregulating digital rights: Why the EU’s war on ‘red tape’ should worry us all

What’s “deregulation” all about?

Every five years, the EU’s executive arm – the European Commission – gets a new composition and a new set of priorities. When Commission President Ursula von der Leyen took office for the second time at the end of 2024, she quickly established that her biggest focus this time around would be “an unprecedented simplification effort”.

But almost immediately we have seen that things are only getting ‘simpler’ for a tiny handful of powerful actors. For those seeking protection and justice, things are only getting more complex. From climate action to corporate accountability, digital rights to anti-discrimination, workers rights, and much more besides, it has quickly become clear that this is an unprecedented deregulation effort.

To achieve this, President von der Leyen has laid out an aggressive set of goals, supported by a range of legislative shortcuts that circumvent normal democratic scrutiny and sideline civil society players acting in the public interest. These new methods also give industry players privileged access to decision-makers and the lawmaking process. While this is nothing new, the total normalisation of this unfair dynamic and the deprioritisation of people and planet is unprecedented.

According to the new strategy, the EU’s 27 Commissioners would have to slash the laws in their policy area, in some cases by up to a staggering 35%. Worryingly, the focus is disproportionately put on the volume of laws, rather than on their quality. And these rules are largely assessed on whether they are easy or not for corporations to follow – rather than whether they are needed to protect people and our rights.

The current political landscape has created a perfect storm for this deregulatory agenda to fester. With a right and far-right majority in the European Parliament, Europe’s borders are even more hostile than ever, and people are increasingly looking for scapegoats at which to point the finger. So whilst rights protection and climate action are on the decline, and societal funds are diverted for military or ‘sovereignty’ purposes, rules that punish and surveil people are the only ones that are on the rise.

How does deregulation relate to digital rights?

The EU’s current tech agenda is an almost 180-degree pivot from the last term, where the Commission was proud to have built up a robust framework for protecting people and planet across numerous domains. In the digital space, practically the entire digital rulebook had been modernised, thanks to important laws such as the Digital Services Act (DSA), Digital Markets Act (DMA) and Artificial Intelligence (AI) Act. And these laws rely on the EU’s comprehensive privacy and data protection framework and open internet rules, all of which were both updated a few years before – and are also now under attack.

In big picture terms, many of these rules are still in their infancy – especially the AI Act – which means they still need time to be thoroughly implemented, interpreted and properly enforced. Yet rather than nurturing these rules, which have taken huge amounts of time and effort to agree via the democratic process, the Commission – and many of its Member States, such as Austria, Poland and Germany – now claim that they are too burdensome on companies and should be watered down.

But this argument is completely missing the point. Corporations (and governments!) need rules to keep them in check, and regulatory ‘friction’ can be the very thing that stops the drive for private profit or state austerity from being pursued at any cost. Because we all know that the real cost is to our communities, our habitats and ecosystems, our health and ultimately our democracy.

The first targets of digital deregulation

One of the first sets of digital rules that has been targeted by the deregulation agenda is the cornerstone of digital rights: the General Data Protection Regulation (GDPR). Thanks to the GDPR, we all enjoy freedom from having our intimate information being used to market to us, to profile us or to manipulate us. And these rules don’t just apply to citizens, but to all people whose data are processed, making it a groundbreaking law for the protection it offers to people regardless of their legal status.

Because of its enormous potential to protect people and communities in the digital age, the GDPR has become a key target for disgruntled industry players and some decision-makers. We have seen the GDPR weaponised by corporations trying to position it as too burdensome for individuals (think cookie banners) and as a result, it has become an easy target for the Commission’s deregulation agenda. But evidence shows that companies and companies actually save money thanks to rules like the GDPR.

Exacerbating the situation is the fact that the Trump administration is trying to fan the anti-regulation flames for political gain. It’s true that laws such as the DSA and DMA have had a particular impact on US companies. Most of the major Big Tech platforms that have profited for so long from manipulating and exploiting us originate from the US, and continue to operate there largely unchecked. But it is not because they are US companies that they have been impacted by new EU laws – but rather because the EU has rightly taken steps to make sure that if any companies provide their services to people in the EU, they must respect fundamental rights rules. With the pockets of tech billionares like Musk and Zuckerberg at risk, the US government has conveniently joined the %26destination=https:%2F%2Fwww.politico.eu%2Fpro%2Fai-act-fever-in-gdansk%2F/1/010201977c42f38c-e7466ed3-6b75-4789-b6ef-8494811fcffe-000000/6t30GLSpmnDZ2JTg78bYVdDcFac=430">chorus of industry players complaining about how burdensome it is that they have to meet basic digital rights and corporate responsibility standards.

All this shows why we should be proud of the EU’s tech rules. When you go online in the EU, it’s the combination of laws like the GDPR, the ePrivacy Directive, the DSA, the DMA, the AI Act, net neutrality and ePrivacy that work together in complementary ways. They protect you from being tracked or exploited, they give you rights and redress when you are harmed, and they safeguard your right to free expression.

Although companies have been very successful in getting the Commission to frame this as overlap or red tape, it is clear that actually what we have is a sophisticated tapestry of laws that are essential for keeping us safe. Together, they create a fair and robust playing field for companies that are willing to play by the rules that have been democratically agreed in the EU.

Yet the promise offered by last term’s digital rights rules – that we might be able to regain power and control over our digital lives – is dwindling thanks to deregulation and a lack of commitment to enforcement. Ironically, many lawmakers are now turning to the idea of “digital sovereignty” as the solution, missing the point that simply recreating Big Tech behemoths with an EU stamp would be no better, especially if the EU takes dramatic steps to weaken corporate due diligence and accountability.

Deregulating digital rights would be a step backwards

Whilst there are many digital elements of the deregulatory drive, it’s important not to see these moves in isolation. Attacks on the AI Act, for example, are one part of a broader industrial strategy to make the EU “the AI continent”. The aim is to make it easier for companies to develop and sell AI products and services by reducing the ‘barriers’ to their massive depletion of natural resources, the enormous expansion of resource-guzzling data centers and by having fewer guardrails on how these systems can be used in practice – supposedly justified by the need to achieve digital sovereignty for Europe. But the victims of this AI-at-any-cost agenda are our planet and our communities – and this will harm people all across the world.

The EU’s wide-ranging social, human and environmental rules are and must remain a bastion against the unchecked power of tech CEOs and investors, the interference of the US government, and lawmakers who want technology to serve private interests, rather than people, planet and democracy.

Against this backdrop, it’s almost unthinkable that the European Commission would consider weakening or even removing digital rights rules (among many other senseless proposals, such as one to give workers even less power in the face of companies). Yet in December 2025, with several digital policy areas already being proposed for cuts, the Commission will put forward a new package, the Digital Omnibus, likely to take the scissors to data protection, ePrivacy and AI rules, as well as a networks act to roll back open internet protections. Along with a broad range of civil society actors and unions, EDRi is ready to resist cuts to fundamental rights and social protection, to insist that more attention and resourcing is given to ensuring good enforcement of rights-based laws, and that simplification means making it simpler to protect people and the planet – not cut the rules that protect them.