Why the Digital Omnibus puts GDPR and ePrivacy at risk

This week, the European Commission will present its Digital Omnibus proposals, including one to reopen GDPR and the ePrivacy Directive.

Our Policy Advisor Itxaso Domínguez de Olazábal, looked into what this really means, both on paper and in real life and spoiler: it’s less about reducing red tape and more about eroding privacy, accountability, and human rights across Europe.

The Omnibus would:

• redefine “personal data”, letting companies decide when data are “non-personal.” Your location or online activity could suddenly fall outside any protection.
• strip safeguards from inferred data, meaning algorithms could freely guess pregnancy, illness, or religious beliefs. It would mean profiling and discrimination invisible to you.
• create a new “legitimate interest” for AI, allowing your posts, photos, or voice recordings to train AI systems without consent. With no control, you won’t have opt-out nor deletion.
• relax transparency duties, companies could skip key info if they think “users already know.” You’d never truly know who uses your data, or how.
• fold ePrivacy into the GDPR, weakening the rule that stops companies from reading or storing data on your phone without consent. Your devices could be accessed or tracked “for technical reasons.”

This is a great corporate wishlist disguised as reform

Europe’s credibility as a global defender of digital rights depends on upholding, not unravelling, the protections it built. Once again, we urge the European Commission to course correct and withdraw its plans to reopen the GDPR and ePrivacy, and instead focus on enforcing these laws.

Find out what the Digital Omnibus could mean for your privacy and data protection.