Consumer Protection Organization Raises Alarm Over European Commission’s Proposed GDPR Modifications
A Belgian consumer protection organization is voicing significant concerns regarding the European Union executive’s intentions to ease limitations on the General Data Protection Regulation framework.
During the final months of 2025, the governing institution of the European Union unveiled the Digital Omnibus, a collection of recommendations aimed at streamlining present guidelines concerning machine learning, network protection, and individual information safeguarding.
A key component of the Digital Omnibus structure involves establishing a centralized submission mechanism for companies to disclose cybersecurity breaches. Currently, enterprises and establishments must distribute these notifications to various regulatory bodies according to multiple statutes, encompassing the NIS2 Directive, the General Data Protection Regulation framework, and the Digital Operational Resilience Act.
By constructing a centralized submission mechanism, company compliance with assorted disclosure mandates ought to become more straightforward.
Furthermore, the governing institution of the EU aspires to generate a “business-promoting information confidentiality scheme” to “consolidate, clarify, and streamline” guidelines to drive technological advancement and facilitate organizational regulatory adherence while safeguarding the fundamental elements of the General Data Protection Regulation framework.
The Belgian consumer protection organization underscores that the suggested modifications might actually diminish safeguards for customer information security. At the moment, the General Data Protection Regulation framework prohibits enterprises from gathering and leveraging customer information without authorization.
Nonetheless, the Digital Omnibus framework permits software innovators to cite a “lawful objective” and leverage customer information without prior authorization to prepare AI systems.
In addition, the governing institution of the EU suggests to defer specific foundational guidelines of the AI regulatory framework. As an illustration, the governing institution wishes to create a gradual implementation until twenty twenty-eight for specific classifications of elevated-concern AI applications.
The Belgian consumer advocacy organization similarly highlights concerns regarding the governing institution’s intentions for notification frameworks. The organization indicates that particular openness requirements will be eliminated, encompassing enrollment of such equipment in an international storage system. Furthermore, the governing institution of the EU intends to concentrate supervision at the European AI governance entity.
The consumer organization further raises concerns regarding the governing institution’s strategy for internet notification systems. The governing institution seeks to enable inhabitants of the EU to express their choices with a single selection and preserve them in their internet platform or operating system configuration.
“In concept, web surfing should become more streamlined. However, the hazard remains genuine: insufficient disapproval might be construed as acceptance, diminishing your genuine power over information,” the advocacy organization contends.
This constitutes a substantial modification in mentality regarding the General Data Protection Regulation, which for decades has functioned as the worldwide criterion for information management and protection.
“The circumstances are apparent: can the EU maintain supremacy in information management while concurrently advancing in the machine learning domain? Or do we confront the chance of observing our digital privileges as inhabitants progressively relinquished for economic advantage?” the Belgian consumer organization concluded.
