EDRi responds to European Commission’s consultation call on the Digital Omnibus
The European Commission opened consultations for the Digital Omnibus, EDRi responded by urging the Commission not to prioritise corporate interests and deregulation over privacy, transparency, and fundamental rights, ultimately putting people at greater risk of data misuse and discrimination.
This is a dismantle of fundamental rights protections
Since the past year, the European Commission is advancing its so-called Digital Omnibus package, as part of its broader simplification agenda, presenting it as a set of technical adjustments to existing digital laws.
As part of this process, the Commission launched a call for evidence to gather feedback from stakeholders. EDRi responded, calling on the Commission to change course and ensure that any reform of EU digital laws strengthens, rather than undermines, core safeguards that protect people in the digital age.
If adopted in its current form, it risks seriously weakening the legal frameworks that protect people from data abuse, discrimination, and mass privacy violations.
On EDRi’s contribution
In the submission, EDRi raises serious concerns about both the process and substance of the Digital Omnibus. Notably, the Commission has once again failed to follow basic Better Regulation requirements, including the consistent use of impact assessment, despite the far-reaching implications of the proposed changes.
The proposal would significantly alter three key pillars of EU digital rights: the ePrivacy framework, the General Data Protection Regulation (GDPR), and the Artificial Intelligence (AI) Act.
Regarding ePrivacy, the Omnibus proposes a major reconfiguration of the rules governing access to users’ devices and the confidentiality of communications. While framed as a response to issues such as “consent fatigue” and uneven enforcement, the proposal introduces a fragmented and uncertain legal architecture. By creating overlapping regimes based on vague and unstable concepts, it risks divergent interpretations and inconsistent enforcement across the EU. More fundamentally, it shifts away from a rights-based approach grounded in confidentiality and device integrity, reopening political compromises that were central to previous reform efforts.
In the area of data protection, the changes go well beyond procedural streamlining. The Omnibus touches on core elements of the GDPR, including its scope, lawful bases for processing, and protections for sensitive data. Several of these modifications would lower the level of protection for individuals, weaken enforcement mechanisms, and reduce legal certainty for all actors involved, from individuals to regulators.
Taken together, and in combination with parallel AI-related proposals, the changes risk undermining fundamental principles such as purpose limitation. By making it easier to justify data reuse under broad categories like AI development or scientific research, while simultaneously reducing transparency and narrowing the GDPR’s scope, the Omnibus weakens key safeguards against abuse.