Last year, the European Commission unveiled the Digital Omnibus with a sunny promise: simplify GDPR and the AI Act to boost competitiveness and cut red tape. Civil society warned that simplification must not erode hard-won protections. The aim is to spark responsible innovation while preserving rights; the reality could see GDPR and the AI Act traded for speed and convenience.
Proponents frame the Digital Omnibus as practical: rules that are easier to follow and enforce. Critics warn that simplification could redefine personal data, create AI data-carveouts, and shrink access to one’s data. The net effect could be less transparency, leaving people unsure how their information is used. Yet the conversation remains constructive: smarter rules could protect people and the environment while supporting innovation. Still, many see a push toward deregulation that benefits corporate interests if left unchecked.
GDPR safeguards in the Digital Omnibus era
Under the banner of simplification, GDPR rules would face adjustments civil society warns could loosen protections. Definitions of personal data could shift in ways that broaden corporate access to data for AI training. Public-interest groups say narrow carveouts threaten the core aim: preventing mass data collection and misuse. A key danger is a patchwork where datasets slip through gaps because of vague terms like disproportionate effort, an unclear standard open to interpretation. The result could be more harvesting with less clarity on consent, purpose limitation, and retention. Policymakers say safeguards can stay, and a thoughtful rewrite could preserve rights while clearing bureaucratic bottlenecks. The priority remains clear: keep individuals informed about what is collected, how it is used, and who has access—essential even as rules become leaner and more user-friendly.
Access rights are another concern. Reforms would restrict some avenues for people to obtain data about them, arguing that requests should serve data protection rather than every investigative or commercial appetite. Critics argue that limiting access weakens the ability to challenge data-driven decisions, especially those by automated systems affecting jobs, credit, housing, and healthcare. Supporters say the cure lies in better governance and clearer processes, not blanket denials. The debate invites a balanced approach: maintain data subjects’ rights, improve transparency in data flows, and ensure meaningful control without drowning organizations in red tape. In this vision, GDPR remains a shield, not a relic—strong enough to deter misuse but adaptable to new tech realities.
AI Act transparency and timing under simplification
Turning to the AI Act under the Omnibus, full implementation could be delayed, and transparency could be diluted for high‑risk systems. The goal is to avoid friction, but the risk is that high‑risk mitigations become optional or postponed. A core question: will providers still be required to disclose risk assessments and safety measures, or will those disclosures drift into databases that are hard for non-experts to interpret? The proposed changes would curb some transparency, giving companies more room to define risk themselves. Critics say this creates a mismatch between AI’s real impact on health, safety, and rights and the openness policymakers expect. Advocates for robust governance point to cases where opacity allowed harm and urge careful calibration to preserve accountability even as processes are streamlined.
Timing is another focus. The AI Act already aims for full implementation, but the Omnibus could push milestones further. Delays matter because high‑risk AI systems reaching the market early may escape safeguards. The concern is not nostalgia for strict rules but misalignment: regulators want pace with AI progress while protecting people. A well-structured timeline can balance innovation with rights, making sure high‑risk systems are tested, documented, and monitored in a way that makes sense to developers and the public.
Beyond transparency, the Omnibus raises questions about the Digital Services Act (DSA) and Digital Markets Act (DMA) in this broader reform. The digital fitness check could become a lever for wider deregulation, so vigilance and guardrails are essential. Amnesty International and other rights groups warn that a lax approach to algorithmic governance could normalize discriminatory outcomes. The takeaway is simple: regulation should be smart, not stifling—encouraging good design while protecting the vulnerable and letting society benefit from innovative AI and digital services.
As the process unfolds, many voices call for stronger protections. Amnesty International has documented how AI and data policies in member states can lead to abuses—from facial recognition in crowd control to monitoring asylum seekers. The concern isn’t opposition to all deregulation, but resistance to a one-way street that prioritizes profits over people. The GDPR and the AI Act serve as lighthouses guiding policy toward transparent, rights-respecting innovation. The overarching message: stronger rights help create better technology, not the other way around.
The Commission’s proposals are not final. Negotiations continue in the coming months, and there are signs of pushback from the European Council and Parliament. Some compromises preserve protections, while others yield ground on procedural details. The digital rights landscape remains dynamic, and outcomes hinge on balancing competitiveness with citizen safeguards. A cautious optimism is warranted: reforms can be leaner without sacrificing essential protections if stakeholders stay engaged and vigilant.
For those who care about the long arc of digital society, the takeaway is that simplification should not mean abdication of rights. When data flows expand and AI decisions touch daily life, people deserve clarity, consent, and control. The best path blends clear rules with practical incentives for responsible innovation—without sacrificing the pillars that keep digital life fair and secure. Those worried about Big Tech influence have legitimate reasons to stay vigilant and demand transparent processes. The Digital Omnibus is a test of policy craft: can Brussels deliver a regime that is both nimble and principled? The jury is still out, but the conversation remains essential for a future where GDPR and the AI Act work in concert to protect people while encouraging thoughtful innovation.
Original article: Thank you to the authors of the original piece for the material and insights.
Practical steps for readers
- Review privacy settings, and check what data you share with major services. Understand how the GDPR applies to you.
- Exercise your data rights when appropriate; know how to submit access and deletion requests under GDPR, and seek explanations for automated decisions involving you.
- Learn how AI systems affect you and look for transparency disclosures tied to the AI Act protections (AI Act).
- Engage in public consultations and advocate for robust oversight that protects the vulnerable while enabling responsible innovation.
FAQ
- What is the Digital Omnibus? A package of proposals aimed at streamlining EU data-protection and AI rules, including GDPR and the AI Act.
- Will my data be safer? Outcomes depend on enforcement and how safeguards are implemented; the goal is clearer rights and accountability.
- What can I do as a citizen? Stay informed, exercise data rights, participate in consultations, and demand transparent governance.
References
- Amnesty International: EU simplification laws
- GDPR – European Commission
- AI Act – European Commission

