European Commission publishes Digital Omnibus; noyb highlights risks for user privacy

The European Commission’s newly unveiled ‘Digital Omnibus’ reform package has drawn strong backlash from civil-society groups and data-protection advocates, who warn that the proposals risk undermining the stringent privacy standards established by the General Data Protection Regulation (GDPR) and other EU digital laws.
European Commission publishes Digital Omnibus; noyb highlights risks for user privacy

The European Commission’s newly unveiled ‘Digital Omnibus’ reform package has drawn strong backlash from civil-society groups and data-protection advocates, who warn that the proposals risk undermining the stringent privacy standards established by the General Data Protection Regulation (GDPR) and other EU digital laws. According to critics, the changes favour large technology firms, introduce sweeping legal shifts without adequate consultation, and are proceeding under political pressure rather than rigorous impact assessment.

Among the most vocal critics is NOYB (None of Your Business), founded by Austrian privacy activist Max Schrems. In a statement, NOYB argued that the package opens ‘many new loopholes for Big Tech’ and described the reform as ‘the biggest attack on Europeans’ digital rights in years’.  Other groups, such as European Digital Rights (EDRi), labelled the plan a ‘major rollback of EU digital protections’, warning it would dilute core safeguards, including the right to privacy and restrictions on processing personal data for AI training.

Central components of the package include: a proposed delay until December 2027 for key high-risk obligations under the Artificial Intelligence Act (AI Act) and revisions to definitions in the GDPR that could narrow what counts as personal data.  The intention behind the reforms is to reduce regulatory burdens for industry and boost Europe’s global competitiveness, especially in AI and digital services. However, the speed and breadth of the reforms have alarmed lawmakers and rights groups alike. EU officials claim the omnibus aims to simplify overlapping rules like the GDPR, Data Act and e-Privacy Directive, but critics say the approach lacks adequate consultation and impact analysis.

Industry associations have welcomed the package, expressing that years of complex regulation have hindered business operations and innovation. In contrast, privacy advocates argue that the emphasis on simplification is being used as a cover to weaken user protections. As proposed changes now make their way to the European Parliament and the Council of the European Union, debate is expected to intensify over whether Europe can recalibrate its digital framework without sacrificing the rights it once helped to globally cement.

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top