According to Neowin, the European Commission has proposed sweeping changes to GDPR that would dramatically reduce cookie consent pop-ups and simplify AI regulations. The “Digital Omnibus” package targets GDPR, the AI Act, and Data Act with specific changes including one-click cookie consent through browser controls and exemptions for “non-risk” cookies. Companies would get easier access to anonymized personal data for AI training, while small businesses would see simplified AI documentation requirements. The changes also create a single entry point for cybersecurity incident reporting and delay some AI Act provisions until August 2026 and August 2027. The proposal now moves to the European Parliament and member countries for approval.
Business reality check
Here’s the thing – this isn’t really about simplifying things for small European startups. Look at who’s cheering: CCIA Europe, whose members include Google, Apple, Meta, and Amazon. These companies have been fighting GDPR since day one, and now they’re finally getting what they wanted. The ability to use personal data for AI training? That’s pure gold for companies building large language models. Simplified cookie rules? That means less friction for their advertising businesses. This is basically Big Tech getting the regulatory relief they’ve been lobbying for behind the scenes.
privacy-backlash”>Privacy backlash
Meanwhile, privacy groups are absolutely furious. 127 civil organizations signed a joint statement calling this “the biggest rollback of digital fundamental rights in EU history.” And they’re not wrong. Remember when GDPR was hailed as the global gold standard for privacy protection? Now we’re watching it get systematically dismantled piece by piece. The Commission argues this will spur economic growth, but at what cost? When you make it easier for companies to use your data, you’re basically trading privacy for convenience – and most users don’t even realize the trade they’re making.
What’s really changing
So what does this mean for you? Fewer annoying cookie pop-ups, sure. But the changes go much deeper. The browser-based consent system sounds convenient until you realize it’s shifting control away from individual websites to browser makers – who just happen to be the same tech giants that benefit from these changes. The AI training provisions could let companies use your data to build products without your explicit consent. And the simplified reporting? That’s great for businesses, but it could mean less transparency about security breaches. The Digital Package FAQ frames this as modernization, but it feels more like capitulation to corporate pressure.
Broader implications
This represents a major shift in Europe’s digital strategy. For years, the EU positioned itself as the privacy champion willing to stand up to American tech giants. Now? They’re rolling back protections while giving more power to centralized authorities like the AI Office. The timing is interesting too – coming right as AI development is exploding and companies are desperate for training data. It’s almost like the regulatory capture is happening in plain sight. The official press release talks about reducing burdens, but doesn’t mention that the biggest beneficiaries will be the same companies that created the privacy problems in the first place. What happens in Europe often influences global standards – so this could signal a broader retreat from strong data protection worldwide.
