Overview
- Drafts seen by reporters propose letting companies rely on legitimate interest to use Europeans’ data for AI training and creating exceptions to the GDPR ban on processing special‑category data.
- Proposed GDPR tweaks would narrow what counts as personal or pseudonymized data and fold elements of the ePrivacy cookie regime into GDPR to expand lawful grounds for device access and tracking.
- The package would streamline AI Act rollout by exempting certain narrow or procedural high‑risk systems from registration, introducing a one‑year penalty grace period starting August 2, 2027, and phasing AI‑output labeling.
- The European Commission plans to present the Digital Omnibus on November 19 under tech chief Henna Virkkunen, with the text still subject to change before interinstitutional negotiations.
- Member states and lawmakers are split, with Estonia, France, Austria and Slovenia resisting any GDPR rewrite, Germany pushing for broader changes, and civil society groups such as Noyb and EDRi decrying a rushed process without impact assessments.