Civil society warns EU Digital Omnibus could trigger historic rollback of digital rights

A coalition of 127 civil society organisations and trade unions is urging the European Commission to halt its planned Digital Omnibus package, warning that it would weaken core EU digital laws and mark what they describe as the biggest rollback of digital fundamental rights in the Union’s history. In a joint open letter addressed to the Commission, the signatories argue that reforms presented as technical streamlining would in fact dismantle key protections in the GDPR, ePrivacy framework, AI Act and other pillars of EU tech regulation.

The Digital Omnibus is expected to amend multiple laws at once, while a parallel digital fitness check will review a wider set of rules on platform accountability and online consumer protection. Civil society groups say this combination amounts to a broad deregulatory agenda. They warn that reopening the EU’s digital rulebook in this way risks redefining rights as ‘red tape’, and could embolden both corporate and state actors that oppose stricter safeguards on data use, surveillance and automated decision-making.

One major concern is the reported plan to weaken one of the clearest rules in the ePrivacy framework, which currently limits how companies and governments can track people via their phones, cars, or smart devices. According to the letter, loosening this rule would make it easier for powerful actors to monitor individuals’ movements and habits, potentially revealing visits to health clinics, places of worship or other sensitive locations. The signatories link this to recent investigations showing that commercially traded location data has already been used to profile EU officials and ordinary residents, and argue that any dilution of privacy rules would effectively legitimise such practices.

The organisations also say the AI Act, which has only just begun to take effect, is at risk of being hollowed out. Under the current framework, high-risk AI systems that influence major life outcomes, such as access to social benefits, must be registered and comply with strict obligations. The statement claims that the Omnibus could introduce loopholes allowing providers to exempt themselves from these obligations without public scrutiny, while delaying penalties for non-compliance. In their view, this would undermine accountability and transparency just as AI tools are being integrated more deeply into public services and commercial platforms.

Similarly, the letter warns that changes to the GDPR could let companies ‘mark their own homework’. This would affect one of the few laws that gives individuals, including workers, children and undocumented people, meaningful control over their personal data and mechanisms to challenge misuse. The signatories argue that rather than weakening these obligations, the EU should focus on stronger enforcement and clearer guidance for organisations that need to comply. They also highlight the environmental footprint of large-scale AI, pointing to intensive use of energy and water, and question whether the benefits of such systems justify their social and ecological costs.

Beyond individual laws, the statement frames the Digital Omnibus as part of a wider pattern, citing earlier Omnibus-style proposals in social and environmental policy that, in their view, have already put important protections at risk. The groups argue that if the EU continues to recast safeguards such as the GDPR, ePrivacy, the AI Act, the Digital Services Act and related measures as burdensome ‘red tape’, it will not only weaken rights inside the Union but also erode its credibility as a global standard setter for rights-based digital governance.

The coalition calls on the Commission to immediately stop any moves to reopen core digital rights laws, to reaffirm its commitment to rights-focused digital regulation, and to ensure meaningful involvement of civil society and affected communities in any future reforms. They conclude that it is still possible for the Commission to change course and ‘defend, not dismantle’ the legal framework that currently protects people in the EU from digital exploitation and surveillance.