GDPR Personal Data Definition Under Fire: EU Privacy Watchdogs Debate Digital Omnibus Risks
GDPR Personal Data Definition Under Fire: EU Privacy Watchdogs Debate Digital Omnibus Risks
Publish Date: 2026-06-08 11:36:00
Source Domain: www.techtimes.com
Europe’s most senior data protection regulators are convening in Brussels tonight for a high-stakes debate on the most consequential proposed changes to digital privacy law since the General Data Protection Regulation (GDPR) took effect in 2018 — changes that civil society groups warn could quietly strip protections from cookies, device IDs, and hashed email addresses for hundreds of millions of Europeans.
The forum, scheduled for 6:30 to 8:30 p.m. Central European Summer Time (12:30 to 2:30 p.m. ET) at the Representation of the Free State of Bavaria to the European Union in Brussels, is co-organized by the European Data Protection Supervisor (EDPS), Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI), and the Bavarian Data Protection Commissioner (BayLfD). MEPs, Council representatives, European Commission officials, the European Data Protection Board (EDPB), national data protection authorities, industry groups, and civil society organizations are all attending — a cross-institutional guest list reflecting how broadly the legislative stakes are felt.
The event is titled “From Omnibus to Opportunity: Driving Data Protection and Innovation.”
What GDPR Personal Data Definition Changes Are Proposed?
At the center of the debate is the European Commission’s Digital Omnibus package, published on November 19, 2025. Among its proposed amendments is a change to Article 4(1) of the GDPR — the foundational definition of what counts as “personal data.” The Commission’s proposal would add language codifying the principle that information is not automatically personal data for every entity just because some other entity could use it to identify an individual. Under the proposal, a data processor that lacks the technical means to re-identify a data subject could argue that the information it holds falls outside the GDPR’s scope entirely.
In practical terms, consumer rights group BEUC warned this could mean any information element that does…
