Civil society decries digital rights ‘rollback' as European Commission pushes data protection changes

A coalition of 127 civil society groups and trade unions is pushing back on the European Commission’s reported changes to laws protecting citizens' data privacy and regulating how artificial intelligence can harness personal information.

The European Commission will publish a new digital simplification package on November 20 after a draft of the package, known as the EU Digital Omnibus, leaked earlier this month.

The leaked text includes changes that gut core provisions of Europe’s tough General Data Protection Regulation (GDPR), as well as the ePrivacy directive, Data Act and the EU AI Act. 

On Thursday, the coalition of trade unions and civil society groups published an open letter to the Commission decrying the changes. 

“What is being presented as a ‘technical streamlining’ of EU digital laws is, in reality, an attempt

to covertly dismantle Europe's strongest protections against digital threats,” they wrote. 

“These are the protections that keep everyone’s data safe, governments accountable, protect people from having artificial intelligence (AI) systems decide their life opportunities and ultimately keep our societies free from unchecked surveillance.”

The coalition includes European Digital Rights (eDRI), Access Now, the Center for Democracy and Technology Europe and noyb. 

The changes to Europe’s data protection and artificial intelligence laws under consideration include:

• Weakening rules requiring citizens to consent to cookies because they allegedly are difficult to understand and impose significant costs to businesses.

• Changes to how and when data protection impact assessments are required.

• Overhauling the GDPR so that it only applies to “directly revealed” sensitive data without  protections for inferred data, which is data deduced from directly collected information. 

• Allowing more personal data to be processed to train and operate AI systems. 

• No longer requiring entities collecting consumers’ data to send data subjects privacy notices in some circumstances.

• Potentially excluding pseudonymous data, or data stripped of direct identifiers, from being covered by the GDPR.

• Eliminating a requirement that AI developers register in a public database.

“Unless the European Commission changes course, this would be the biggest rollback of digital

fundamental rights in EU history,” the letter says. “It is being done under the radar, using rushed and opaque processes designed to avoid democratic oversight.”

A spokesperson for the European Commission did not immediately respond to a request for comment.