Europe’s top data protection authorities have expressed cautious support for the European Commission’s proposed Digital Omnibus Regulation, welcoming efforts to simplify compliance while warning that some changes could weaken fundamental privacy protections.
In a joint opinion released Feb. 11, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) said the proposal could reduce administrative burdens and improve legal clarity for organizations navigating the EU’s complex digital regulatory framework. The Digital Omnibus aims to streamline multiple laws, including the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the Data Act, to boost competitiveness and innovation.
However, the regulators raised strong objections to proposed changes that would alter the definition of personal data under GDPR. They warned that narrowing the definition could significantly weaken protections for individuals and create legal uncertainty. The authorities also opposed allowing the European Commission to determine, through implementing acts, when pseudonymized data would no longer qualify as personal data, arguing that such decisions directly affect the scope of privacy law.
Despite these concerns, the regulators endorsed several measures designed to reduce compliance burdens. These include raising the threshold for reporting data breaches to supervisory authorities and extending reporting deadlines, steps they said would ease regulatory pressure on businesses without compromising individual rights. The introduction of standardized templates for data breach reporting and impact assessments was also viewed as a positive move toward harmonization.
The opinion further supported efforts to address “consent fatigue” caused by frequent cookie banners by encouraging automated, machine-readable consent signals. Regulators also welcomed measures to harmonize definitions related to scientific research and allow limited processing of biometric data for authentication under strict safeguards.
At the same time, the authorities called for additional clarification in areas related to artificial intelligence, automated decision-making, and the processing of sensitive data, emphasizing the need for safeguards throughout the AI lifecycle.
Overall, the EDPB and EDPS said simplification efforts must not come at the expense of privacy rights, urging lawmakers to ensure that reforms maintain trust, legal certainty, and strong protections as the EU continues to modernize its digital governance framework.
Need Help?
If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
