EU Digital Omnibus Supposedly Simplifies Digital Privacy Regulation

The EU Commission has put forth their Digital Omnibus Regulation Proposal, which aims to simplify the GDPR in order to foster competitiveness. According to the document:

The Digital Omnibus proposal includes a set of technical amendments to a large corpus of digital legislation, selected to bring immediate relief to businesses, public administrations, and citizens alike, to stimulate competitiveness.

The amendments are explicitly focused on making data more accessible to companies for economic purposes.

For these reasons, the amendments focus on unlocking opportunities in the use of data, as a fundamental resource in the EU economy, not least in view of supporting the development and use of trustworthy artificial intelligence solutions in the EU market. Targeted amendments to the data protection and privacy rules support this objective and provide immediate simplification measures for businesses and individuals, strengthening their ability to exercise their rights.

Critics accuse the Commission of bowing to Big Tech pressure. Amnesty International released a statement about their concerns with the EU's "ongoing deregulatory push" which includes this proposal, saying that it could dismantle the EU's current protections against digital threats.

European Digital Rights (EDRi) echos these concerns, stating that the new Digital Omnibus "risks dismantling the rules-based system that was hard-won over decades," and that...

The Digital Omnibus proposals pander to corporate interests, with Big Tech players as well as European corporations standing to gain significantly. It also plays into the hands of the US administration, which has a vested interest in undermining the EU’s tech policy framework. Industry players also had privileged access to decision-makers and the law-making process: the Commission followed a procedure with legislative shortcuts that circumvented democratic scrutiny, sidelining concerns from civil society acting in the public interest.

However, the proposal claims that the changes would level the playing field between small business and Big Tech, explicitly pointing to concerns smaller businesses have with complying with the current GDPR:

some entities, especially smaller companies and associations with a low number of non-intensive, often low-risk data processing operations, expressed concerns regarding the application of some obligations of the General Data Protection Regulation.

The proposal also aims at “clarifying that further processing for scientific purposes is compatible with the initial purpose of processing and by clarifying that scientific research constitutes a legitimate interest.”

EDRi claims this carve-out for scientific research will enable AI companies to use highly-sensitive personal information for AI training and other "high-risk algorithmic technologies."

The EU also calls out those annoying cookie banners and the bad user experience and significant cost incurred by companies to comply.

Specifically, the proposal calls for the GDPR to be the only regulation applying to these cookies and highlights that it paves the way for browser-based consent signals that would simplify the user experience and the implementation of websites.

You should give the proposal a read for yourself, it’s available for download from their website.