EU Scales Back GDPR and AI Rules Amid Industry Pressure

EU Scales Back GDPR and AI Rules Amid Industry Pressure

Key Points

  • EU proposes to simplify GDPR cookie consent and allow broader data sharing.
  • AI Act deadlines are extended until supporting standards are ready.
  • Smaller firms receive eased documentation and reporting requirements.
  • AI oversight will be centralized in an EU AI Office.
  • Commission frames reforms as simplification, not weakening of rights.
  • Proposal moves to Parliament and member‑state votes, likely sparking debate.
  • Civil‑rights groups and some politicians criticize the roll‑back.
  • Industry leaders argue changes will boost innovation and economic growth.

Europe is scaling back its landmark privacy and AI laws

Background and Motivation

After years of positioning itself as a global leader in technology regulation, the European Union is revisiting key elements of its privacy and artificial‑intelligence frameworks. The European Commission says the revisions respond to intense pressure from industry and the United States, and are intended to simplify compliance, reduce bureaucratic burdens, and revive sluggish economic growth.

Key Changes to the GDPR

The draft proposal alters core provisions of the General Data Protection Regulation. It makes it easier for companies to share anonymized and pseudonymized personal datasets and permits AI firms to use personal data for training models, provided they meet other GDPR requirements. Another notable shift involves cookie consent: many “non‑risk” cookies would no longer trigger pop‑up banners, and users could manage remaining cookies through centralized browser controls rather than individual site prompts.

Adjustments to the AI Act

The AI Act, which introduced a phased rollout of rules for high‑risk AI systems, is also being softened. The grace period for rules that were slated to take effect next summer is extended, with the new timeline tied to the availability of needed standards and support tools. Smaller companies would benefit from simplified documentation requirements, and a unified interface for reporting cybersecurity incidents is introduced.

Governance and Oversight

Oversight of AI activities will be centralized in a newly emphasized AI Office. The Commission frames these moves as “simplifying EU laws, not weakening them,” emphasizing that fundamental user rights will remain fully protected.

Political Reaction

The proposal now heads to the European Parliament and the 27 member states, where it will need a qualified majority to pass. Critics, including civil‑rights groups and some politicians, argue the changes weaken essential safeguards and capitulate to Big Tech pressure. The draft has already drawn criticism from figures such as former Italian prime minister Mario Draghi, who urged the bloc to ease what he described as burdensome regulation.

Industry Perspective

Henna Virkkunen, executive vice‑president for tech sovereignty at the Commission, explained that cutting red tape will give space for innovation, open data access, and support tools like a common European Business Wallet, while still protecting fundamental rights.

Implications

If adopted, the revisions could reshape Europe’s tech‑regulatory landscape, making it more attractive for startups and smaller firms while potentially diminishing the EU’s reputation as a strict privacy guardian. The changes also come at a time when the global AI race is dominated by U.S. and Chinese companies such as Google, OpenAI, and DeepSeek, leaving Europe without a clear competitive edge.

Source: theverge.com