The European Commission has formally presented the proposal for a Regulation to Simplify the Legal Framework for the Data Economy, known as Digital Omnibus. The text confirms what was already in the air: Europe has taken a turn. If until now it had positioned itself as a benchmark for the protection of people's privacy, with this proposal it lowers the requirement to, it says, simplify regulation, reduce bureaucracy and make the application of such complex rules as the GDPR, the AI Law or the ePrivacy directive more agile. The reality, however, is that behind this administrative rhetoric lies a much deeper movement: the reopening of some of the pillars that have supported data protection and European digital rights over the last decade.
The Digital Omnibus is, first of all, a practical reinterpretation of the GDPR. It relaxes the way in which pseudonymised or anonymised data can be used, and makes more flexible the transparency and documentation obligations that had been essential for the accountability of organisations. At the same time, the package introduces significant delays in parts of the AI Act, especially in the requirements applicable to generative AI systems and high-risk models. In other words, it buys time: an extra year to label synthetic content, more months to develop standards, more transition periods for companies to adapt. All this at a time when AI is fully entering public services, education, healthcare or work processes on a large scale.
Who benefits? Mainly, the large technology platforms. These companies, which already operate with colossal economies of scale and a control over data that no European actor can match, gain room to continue deploying systems without encountering strict obligations of transparency, documentation or risk assessment so soon. Also benefiting are public administrations, which often depend on proprietary solutions and appreciate a regulatory respite, and a part of European industry that perceives regulation as a competitive obstacle in relation to the United States and China.
Given this, there is no shortage of those who are raising their voices to warn. Rightly so, all of this amounts to gradually dismantling the European data protection model. Reinterpreting the GDPR sets a worrying precedent: if the framework that was supposed to be “untouchable” begins to erode, public trust and legal coherence could be compromised. There is also concern that key parts of the AI Law are being delayed just when it is most needed to oversee systems that are already being integrated into sensitive decisions.
The underlying debate is clear: how much regulation can we make more flexible in the name of competitiveness without putting at risk the rights that have defined the European model? The Digital Omnibus seeks agility, but it may end up sacrificing essential guarantees. And this is where companies — especially those that operate responsibly — should be the first to demand clarity, stability and rules that protect both innovation and public trust. Digital progress cannot be based on shortcuts.
Jordi Ventura
