EU AI Act proposals could rewire GDPR, water down tech regulations

The European Commission is considering amending its landmark AI Act as Brussels faces overwhelming pressure from U.S. tech companies and the Trump administration.   

Proposed changes to the European Commission’s digital rules, which is set for a decision on November 19, could expand commercial and public uses of biometric technologies across the EU as a “digital omnibus” waters down many of the Act’s tech regulations.

The draft proposal would pause and soften parts of the AI Act and loosen some GDPR restrictions, with the simplifications intended to cut red tape across overlapping rules. Politico reports that officials are preparing “far-reaching changes” to GDPR that would be advantageous to AI developers. 

In addition, the omnibus would permit broader reliance on “legitimate interest” for data uses that today face tighter limits. This would make it materially easier for technology companies to collect and reuse images, video and other personal data to train biometric models such as facial recognition systems. 

The proposals would allow companies like Google, Meta and OpenAI to use Europeans’ personal data to train AI models by claiming legitimate interest. Firms could also be exempted from the ban on processing special-category data when required to avoid disproportionately hindering AI development, provided they can detect and remove that sensitive information.

However, final changes to the AI Act still require Commission sign‑off and approval by member states and the European Parliament. Jan Philipp, a former European Parliament member who was a major contributor to the drafting of GDPR, asked whether the amendments marked the end of data protection and privacy as the EU has known it. 

“The Commission should be fully aware that this is undermining European standards dramatically,” he said, as reported by Politico. Austrian privacy group Noyb, which has previously scuppered data transfer deals between Europe and the U.S., said the draft Digital Omnibus proposes “countless changes” that would amount to “death by a thousand cuts” to GDPR. 

“This would be a massive downgrading of Europeans’ privacy 10 years after the GDPR was adopted,” Noyb’s founder Max Schrems said in a statement. The EU has wavered in introducing the AI Act, as deadlines have been missed amidst differing views among bloc representatives. 

Article Topics

AI Act  |  biometrics  |  data privacy  |  EU  |  facial recognition  |  GDPR  |  legislation  |  surveillance