On 28 January, 2026, to mark Data Protection Day, the European Data Protection Supervisor (EDPS) and the Council of Europe hosted their annual conference with the theme “Reset or refine?” The question comes at a critical time, as the EU is undertaking significant legislative reforms in the fields of digital, data, and AI. At the centre of this debate is the European Commission’s Digital Omnibus package and the various proposed amendments aimed at simplifying aspects of GDPR.
Throughout the day, it was clear that opinions on these reforms are far from uniform. The Commission is emphasising that the reform process is about simplification, to better support innovation and competitiveness while maintaining the protection of fundamental rights. Alternative views were expressed that the Commission’s proposals will result in a diminishing of data protection rights. So the debate on whether or not we are refining or resetting data protection rules in the EU will continue, showing the need for diverse voices to be part of this debate.
A significant point of contention is the Commission’s proposal for a definition of “personal data”. This proposal is based on the September 2025 judgment of the Court of Justice of the EU (CJEU) in the case of EDPS v SRB (C-413/23 P). The Commission argues that the proposed amendment simply codifies existing definitions in light of decisions by the CJEU. Yet, there were diverse perspectives at the conference. Some attendees raised concerns that the changes might be overly broad and potentially misinterpret the court’s ruling, particularly regarding when pseudonymized data should be considered non-personal and thus exempt from GDPR. Others, however, felt that a compromise could be reached, highlighting the complexity of the issue as the discussions progress through the legislative scrutiny of the Digital Omnibus.
The impact of any legislative reform upon the data protection rights in the EU was a constant theme throughout the day. The Deputy Chair of the European Data Protection Board (EDPB), Jelena Virant Burnik, emphasised that while a full-scale reset of GDPR is unwarranted, some refinements could be beneficial. Other speakers were highly critical of the existing condition of data protection rights and expressed the view that the proposed reforms will only worsen the situation.
Attention was given to the proposed adjustments to cookie consent and the challenges of keeping regulations in step with the evolution of online tracking practices. Civil society voices robustly critiqued these changes, arguing that the proposals could undermine fundamental user rights to privacy and data protection. In contrast, industry representatives argued that such adjustments would provide the necessary legal clarity around consent, supporting business activities and innovation in Europe.
Wojciech Wiewiórowski, the European Data Protection Supervisor, made clear in his keynote address that reform processes require widespread engagement and discussions. The EU institutions need to talk with each other, and the voices of all in society need to be heard.
Privacy Next will be closely tracking the Digital Omnibus negotiations across the EU, so keep up to date on developments by subscribing to our newsletter below.
29 January, 2026
Rond Point Schuman 6 | Box 5
1040 Brussels | Belgium
info@privacynext.eu
Copyrights © 2026 PrivacyNext.eu | Privacy Policy | Cookie Policy Webdesign & Development by ALYS
