10 Nov 2025
A leaked draft of the European Commission’s upcoming “Digital Omnibus” hints at the most significant changes to the GDPR since 2018 — but are they really enough?
The Omnibus, due to be officially unveiled on 19 November 2025, promises to simplify Europe’s sprawling digital rulebook. It aims to clarify key definitions in the GDPR, reduce compliance burdens for smaller businesses, and address long-standing frustrations such as cookie banner fatigue and redundant reporting across digital laws.
The reforms look practical: a single entry point for data-breach reporting, harmonised templates for privacy impact assessments, and even the possibility of machine-readable consent signals that could finally end the endless pop-ups.
But the real test is whether these tweaks address the deeper ambiguities that have plagued the GDPR since its inception. The draft’s new exemptions for “residual processing” of sensitive data in AI training may sound modern. Yet, they don’t resolve the core issue: how can purpose limitation work in a world where algorithms constantly repurpose data?
The GDPR struggles with AI and purpose limitation — how can data be used “only for a specific purpose” when algorithms constantly learn and repurpose it? Other long-standing principles, such as data minimisation and the right to erasure, also remain tied to a world of static records, not dynamic AI models. The GDPR remains Europe’s flagship privacy law, but one still written for the internet of yesterday.
The leaked proposal is therefore a welcome step toward regulatory coherence, but not a genuine modernisation. It tidies the rules; it doesn’t rethink them. 𝐓𝐡𝐞 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐎𝐦𝐧𝐢𝐛𝐮𝐬 𝐦𝐚𝐲 𝐛𝐞 𝐚 𝐬𝐭𝐚𝐫𝐭, 𝐛𝐮𝐭 𝐭𝐡𝐞 𝐫𝐞𝐚𝐥 𝐜𝐨𝐧𝐯𝐞𝐫𝐬𝐚𝐭𝐢𝐨𝐧 𝐚𝐛𝐨𝐮𝐭 𝐚 𝐆𝐃𝐏𝐑 𝐟𝐢𝐭 𝐟𝐨𝐫 𝐭𝐡𝐞 𝐚𝐥𝐠𝐨𝐫𝐢𝐭𝐡𝐦𝐢𝐜 𝐚𝐠𝐞 𝐢𝐬 𝐨𝐧𝐥𝐲 𝐣𝐮𝐬𝐭 𝐛𝐞𝐠𝐢𝐧𝐧𝐢𝐧𝐠.
View original LinkedIn post.
Rond Point Schuman 6 | Box 5
1040 Brussels | Belgium
info@privacynext.eu
Copyrights © 2026 PrivacyNext.eu | Privacy Policy | Cookie Policy Webdesign & Development by ALYS
