The European Commission has put forward a set of proposed legal changes that could alter how personal data is handled across the European Union. The proposals, described as part of a wider effort to simplify digital regulation, have prompted concern among privacy advocates who say they may weaken individuals’ control over their own information.
At the centre of the discussion is a package of planned amendments to existing digital and data protection rules, including how certain provisions of the General Data Protection Regulation are applied. The Commission has said the goal is to reduce complexity and make compliance easier for organisations operating across multiple EU countries. Critics argue that some of the changes could shift the balance away from individuals and towards broader data use by companies and public bodies.
Under the current framework, people in the EU have clear rights over their personal data. These include the right to know how data is used, to access and correct it, and to object to certain forms of processing. The new proposals would adjust how personal data is defined in specific contexts, including when information is considered sufficiently anonymised. Privacy groups warn that looser definitions could allow data to be reused more freely while still being linked back to individuals in practice.
Another area of concern relates to how online tracking and related technologies are regulated. The proposals would move some rules that currently sit under separate privacy legislation into the GDPR framework. While this is intended to create a more consistent legal structure, critics say it could also reduce the level of consent required for certain types of data collection, depending on how the changes are implemented.
The Commission has also pointed to the growing use of data for purposes such as artificial intelligence development and research. It has been argued that clearer and more flexible rules would help European innovation by allowing wider access to datasets. Opponents of the proposals say this approach risks prioritising economic objectives over the privacy rights that have been a defining feature of EU law for more than a decade.
Civil society groups and some members of the European Parliament have expressed concern that the changes could introduce new exceptions that make it harder for individuals to understand or control how their data is used. They argue that any reduction in transparency or consent requirements would undermine public trust in digital services and data protection authorities.
Supporters of the proposals say the current regulatory framework can be difficult to navigate, particularly for smaller organisations, and that simplification does not necessarily mean weaker protection. They argue that clearer rules could improve compliance overall and reduce inconsistent enforcement between EU member states.
The proposals are still at an early stage and will be reviewed by both the European Parliament and the Council of the European Union. Amendments are likely before any final legislation is adopted. The outcome of that process will determine whether the changes lead to a recalibration of data protection rules or preserve the existing level of individual control over personal data across the EU.