EU Commission Faces Backlash Over GDPR Reform

Digital Omnibus proposal raises privacy concerns

The European Commission has unveiled its “Digital Omnibus” proposal, sparking immediate criticism from civil society groups and members of the European Parliament. Officials insist the reforms maintain high standards of personal data protection, but opponents argue they weaken safeguards for European citizens. Instead of simplifying compliance for small and medium-sized businesses, critics say the changes create legal advantages for large U.S. technology companies. Data privacy activist Max Schrems described the proposal as the biggest attack on European digital rights in years.

Erosion of Core Principles

The reforms introduce significant cuts to privacy rights, which observers believe were influenced by industry lobbying under global economic pressure. Such changes risk undermining decades of European policy against commercial surveillance, a principle enshrined in Article 8 of the European Charter of Fundamental Rights. Schrems warned that the overhaul primarily benefits major technology firms while offering little to smaller EU businesses. He argued the proposal reflects panic over Europe’s digital trajectory rather than strategic leadership.

Critics view the reforms as a step backward in protecting citizens’ rights. Narrowing definitions of personal data and weakening enforcement mechanisms could leave individuals more vulnerable. The shift is seen as prioritizing corporate interests over established legal protections. Many fear this will erode trust in Europe’s digital governance framework.

Legislative Process Under Fire

The Commission advanced the GDPR reform despite requests from most Member States not to reopen the legislation. Leaked drafts prompted opposition from center-left groups in Parliament, including S&D, Renew, and the Greens, who urged the Commission to halt the cuts. The initiative is being led by Commission President Ursula von der Leyen, Vice-President Henna Virkkunen, and Justice Commissioner Michael McGrath. Reports suggest political pressure within the Commission to push the changes quickly, bypassing standard analysis and consultation.

Schrems noted limited political support among Member States, Parliament, and the public. He accused the Commission of fast-tracking reforms without sufficient evidence or impact assessment. Critics argue this undermines the credibility of EU lawmaking. The process has been described as rushed and lacking transparency.

Loopholes and AI Concerns

One major change involves narrowing the definition of personal data, allowing companies to claim GDPR does not apply if they cannot currently identify individuals. This subjective approach complicates enforcement and could weaken protections. Another issue is the proposed modification of Article 5(3) of the ePrivacy Directive, which would permit broad “whitelisted” processing operations, raising fears of excessive remote searches on user devices. The reforms also facilitate the use of personal data, including social media histories, for AI training by firms such as Meta and Google.

Although the Commission suggests users may opt out of AI training, critics argue this is impractical since datasets are opaque. User rights could also be weakened, with access requests limited to “data protection purposes,” potentially restricting journalists, employees, or researchers from obtaining evidence. Rather than simplifying rules for SMEs, the proposals risk increasing complexity and benefiting large corporations. The absence of an impact assessment has been criticized as disregarding long-standing principles of EU lawmaking.