The European Union, after years of leading the world in establishing strict technology regulation, is now proposing to loosen its grip on its flagship rules. Faced with intense pressure from major industry players and the US government, Brussels is seeking to streamline its General Data Protection Regulation (GDPR) and relax key components of its artificial intelligence legislation, the AI Act. This strategic pivot, driven by a desire to reduce bureaucracy and stimulate the bloc’s slow economic growth, represents a significant shift in the EU’s approach to tech oversight.
The changes put forward by the European Commission fundamentally alter core aspects of the GDPR. They are designed to make it simpler for companies to share anonymized or pseudonymized personal data sets. Crucially, the proposal would grant AI companies a legal basis to utilize personal data for training their AI models, provided they remain compliant with all other existing GDPR requirements. These amendments aim to unlock data access and foster innovation within the burgeoning AI sector across the EU.
In addition to GDPR changes, the Commission is also watering down a pivotal part of the AI Act, which was enacted in 2024. The proposal extends the grace period for regulations specifically targeting “high-risk” AI systems—those deemed to pose serious threats to health, safety, or fundamental rights—which were originally slated to take effect next summer. The new implementation date is contingent on the availability of “the needed standards and support tools” for AI companies, effectively delaying the stricter enforcement for an indefinite period.
Among the proposal’s most visible and widely welcomed changes is a dramatic reduction in the ubiquitous and often frustrating cookie banners. The new measure would exempt certain “non-risk” cookies from triggering pop-ups and would allow users to manage cookie preferences for most websites through centralized browser controls. The broader Digital Omnibus also includes simplified documentation for smaller AI companies, a unified mechanism for reporting cybersecurity incidents, and centralizing the bloc’s AI oversight under the new AI Office, all framed as efforts to cut rigid rules and support innovation.
This overhaul is now subject to approval by the European Parliament and the 27 EU member states, a process expected to be contentious and lengthy, possibly introducing further modifications. The proposed weakening of the GDPR, a foundational element of Europe’s tech strategy, has already sparked outrage among civil rights organizations and political figures. They accuse the Commission of giving in to intense lobbying from Big Tech and figures like former Italian Prime Minister Mario Draghi, warning that these amendments compromise essential user safeguards. The Commission, however, insists the changes are merely about simplifying, not weakening, the rules to address growing concerns that its strict regulatory stance is preventing the EU from competing effectively in a global AI race currently dominated by US and Chinese firms.
Reference:
