European regulators criticize weakening GDPR
European regulators criticize weakening GDPR
https://www.techzine.eu/news/privacy-compliance/138738/european-regulators-criticize-weakening-gdpr/
Publish Date: 2026-02-12 05:52:00
Source Domain: www.techzine.eu
In a joint opinion, the European privacy regulators EDPB and EDPS have expressed serious concerns about key elements of the European Commission’s Digital Omnibus proposal. The authorities are particularly opposed to narrowing the definition of personal data and question the proposed changes regarding AI training and the right of access.
On November 19, 2025, the European Commission presented the Digital Omnibus package, a far-reaching proposal to amend the GDPR and the ePrivacy Directive, among other measures. The proposal is described as a simplification measure, but critics say it would mainly benefit large American tech companies. The Commission argues that the changes are necessary to reduce the administrative burden on EU companies and strengthen Europe’s competitive position in AI.
However, civil rights organizations have already issued warnings, and now the independent privacy watchdogs EDPB (European Data Protection Board) and EDPS (European Data Protection Supervisor) are adding their voices to the chorus. In their joint opinion, they make it clear that several proposals go beyond technical adjustments or simplification.
Narrowing of the definition of personal data rejected
The most striking point of criticism concerns the proposal to narrow the definition of personal data in Article 4(1) of the GDPR. According to the EDPB and EDPS, this change would “go far beyond a targeted amendment to the GDPR, a ‘technical amendment’ or a codification of case law of the EU Court of Justice.” The authorities thus confirm the concerns previously expressed by stakeholders.
In addition, the supervisory authorities reject the proposal to give the Commission greater authority to determine what constitutes pseudonymized personal data. Combined with the new definition of personal data, this would offer companies easy ways to avoid the scope of the GDPR.
AI training based on legitimate interest
The EDPB and EDPS take a…
