BRUSSELS — A fresh proposal by European Commission President Ursula von der Leyen to reform digital laws on Wednesday was welcomed by lawmakers on the right but shunned on the left. It signals a possible repeat of a pivotal parliamentary clash last week in which von der Leyen’s center-right European People’s Party sided with the far right to pass her first omnibus proposal on green rules — sidelining the centrist coalition that voted the Commission president into office last year. The EU executive on Wednesday presented plans to overhaul everything from its flagship General Data Protection Regulation to data rules and its fledgling Artificial Intelligence Act. The reforms aim to help businesses using data and AI, in an effort to catch up with the United States, China and other regions in the global tech race. Drafts of the plans obtained by POLITICO caused an uproar in Brussels in the past two weeks, as everyone from liberal to left-leaning political groups and privacy-minded national governments rang the alarm. Von der Leyen sought to extend an olive branch with last-minute tweaks to her proposal, but she’s still a long way away from center-left groups. The Progressive Alliance of Socialists and Democrats, Greens and The Left all slamming the plans in recent days. Tom Vandendriessche, a Belgian member of the far-right Patriots for Europe group, said the GDPR is not “untouchable,” and that there needs to be simplification “to ensure our European companies can compete again.” He added: “If EPP supports that course, we’re happy to collaborate on that.” Charlie Weimers a Swedish member of the right-wing European Conservatives and Reformists, welcomed the plan for “cleaning up overlapping data rules, cutting double reporting and finally tackling the cookie banner circus.” Weimers argued von der Leyen could go further, saying it falls short of being “the regulatory U-turn the EU actually needs” to catch up in the AI race. Those early rapprochements on the right are what Europe’s centrists and left fear most. The digital omnibus “should not be a repetition of omnibus one,” German Greens lawmaker Sergey Lagodinsky told reporters on Wednesday. Lagodinsky warned EPP leader Manfred Weber that “there should be no games with anti-democratic and anti-European parties.” BIG REFORMS, SMALL CONCESSIONS The Commission’s double-decker digital omnibus package includes one plan to simplify the EU’s data-related laws (including the GDPR as well as rules for nonpersonal data), and another specifically targeting the AI Act. A Commission official, briefing reporters without being authorized to speak on the record, said the omnibus’ impact on the GDPR was subject to “intense discussion” internally in the run up to Wednesday’s presentation, after its rough reception from some parliament groups and privacy organizations. Much in the EU executive’s final text remained unchanged. Among the proposals, the Commission wants to insert an affirmation into the GDPR that AI developers can rely on their “legitimate interest” to legally process Europeans’ data. That would give AI companies more confidence that they don’t always have to ask for consent. It also wants to change the definition of personal data in the GDPR to allow pseudonymized data — where a person’s details have been obscured so they can’t be identified — to be more easily processed. The omnibus proposals also aim to reduce the number of cookie banners that crop up across Europe’s internet. To assuage privacy concerns, Commission officials scrapped a hotly contested clause that would have redefined what is considered “special category” data, like a person’s religious or political beliefs, ethnicity or health data, which are afforded extra protections under the GDPR. The new cookie provision will also contain an explicit statement that website and app operators still need to get consent to access information on people’s devices. SEEKING POLITICAL SUPPORT The final texts will now be scrutinized by the Parliament and Council of the European Union. Von der Leyen’s center-right EPP welcomed the digital simplification plans as a “a critical boost for Europe’s industrial competitiveness.” Parliament’s group of center-left Socialists and Democrats came out critical of the reforms. Birgit Sippel, a prominent German member of the group, said in a statement the Commission “wants to undermine its own standards of protection in the area of data protection and privacy in order to facilitate data use, surveillance, and AI tools ‘made in the U.S.’” On the EPP’s immediate left, the liberal Renew group cited “important concerns” about the final texts but said it was “delighted” that the Commission backtracked on changing the definition of sensitive data, one idea in the leaked drafts that triggered a backlash. Renew said it would “support changes in the digital omnibus that will make life easier for our European companies.” If von der Leyen goes looking for votes for her digital omnibus among far-right groups, she will find support but it might not be a united front. German lawmaker Christine Anderson of the Alternative for Germany party, part of the far-right Europe of Sovereign Nations group, warned the digital omnibus could end up boosting “the ability to track and profile people.” Weaker privacy rules would “enable enhanced surveillance architecture,” she said, adding her party had “always opposed” such changes. “On these issues, we find ourselves much closer to the groups on the left in the Parliament,” she said. Pieter Haeck contributed reporting.

BRUSSELS — European Union officials are ready to sacrifice some of their most prized privacy rules for the sake of AI, as they seek to turbocharge business in Europe by slashing red tape.  The European Commission will unveil a “digital omnibus” package later this month to simplify many of its tech laws. The executive has insisted that it is only trimming excess fat through “targeted” amendments, but draft documents obtained by POLITICO show that officials are planning far-reaching changes to the General Data Protection Regulation (GDPR) to the benefit of artificial intelligence developers.   The proposed overhaul will come as a boon to businesses working with AI, as Europe scrambles to stay economically competitive on the world stage. But touching the flagship privacy law — seen as the “third rail” of EU tech policy — is expected to trigger a massive political and lobbying storm in Brussels. “Is this the end of data protection and privacy as we have signed it into the EU treaty and fundamental rights charter?” said German politician Jan Philipp Albrecht, who as a former European Parliament member was one of the chief architects of the GDPR. “The Commission should be fully aware that this is undermining European standards dramatically.” Brussels’ shift on privacy comes as it frets over Europe’s waning economic power. Former Italian Prime Minister Mario Draghi namechecked the General Data Protection Regulation as holding back European innovation on artificial intelligence in his landmark competitiveness report last year. European privacy regulators have already been spoiling Big Tech’s AI party in recent years. Meta, X and LinkedIn have all delayed rollouts of artificial intelligence applications in Europe after interventions by the Irish Data Protection Commission. Google is facing an inquiry by the same regulator and was previously forced to pause the release of its Bard chatbot. Italy’s regulator has previously imposed temporary blocks on OpenAI’s ChatGPT and Chinese DeepSeek over privacy concerns. Those same tech giants are racing ahead in the U.S., without an equivalent blanket privacy law barring them from feeding AI with citizens’ data. UNLEASH THE LOBBYISTS The General Data Protection Regulation’s initial drafting in 2012-2016 triggered one of the biggest lobbying efforts Brussels has ever seen. Since taking effect in 2018, the EU has steered clear of amending it, fearing it would reignite the vicious lobbying war.  In past months, Commission officials have sought to preempt worries that it was overhauling the privacy rulebook. It insisted that its simplification proposals wouldn’t touch the underlying principles of the GDPR.  Now that draft plans are out, civil society campaigners have begun sounding the alarm. The Commission is “secretly trying to overrun everyone else in Brussels,” said Max Schrems, founder of Austrian privacy group Noyb — and Europe’s infamous privacy campaigner who was behind court cases that brought down major data transfer deals with the United States in the past. “This disregards every rule on good lawmaking, with terrible results,” he said. “Is this the end of data protection and privacy as we have signed it into the EU treaty and fundamental rights charter?” said German politician Jan Philipp Albrecht. | Heiko Rebsch/picture alliance via Getty Images One line of attack from privacy groups is to poke holes in what they say is a rushed omnibus process. While the GDPR took years to negotiate, public consultation on the digital omnibus only ended in October. The Commission has not prepared impact assessments to accompany its proposals, as it says the changes are only targeted and technical. The Commission’s tunnel vision on the AI race has resulted in a “poorly drafted ‘quick shot’ in a highly complex and sensitive area,” said Schrems. LOOSENING PRIVACY RULES The draft proposal obtained by POLITICO shows how far the European Commission is willing to go to placate industry on AI. Draft changes would create new exceptions for AI companies that would allow them to legally process special categories of data (like a person’s religious or political beliefs, ethnicity or health data) to train and operate their tech. The Commission is also planning to reframe the definition of such special category data, which are afforded extra protections under the privacy rules.   Officials also want to redefine what constitutes as personal data, saying that pseudonymized data (where personal details have been obscured so a person can’t be identified) might not always be subject to the GDPR’s protections, a change that reflects a recent ruling from the EU’s top court. Finally, it wants to reform Europe’s pesky cookie banner rules by inserting a provision into the GDPR that would give website and app owners more legal grounds to justify tracking users beyond simply obtaining their consent. The draft proposal could still change before the Commission officially unveils its plans on Nov. 19. Once presented, the omnibus package has to pass muster with EU countries and lawmakers, who are already sharply divided on whether to touch privacy protections.   But Finnish center-right lawmaker Aura Salla said she would “warmly” welcome the proposal “if done correctly,” as it could bring legal certainty for AI companies. | Alexis Haulot/European Parliament Documents seen by POLITICO show that Estonia, France, Austria and Slovenia are firmly against any rewrite of the General Data Protection Regulation. Germany — usually seen as one of the most privacy-minded countries — on the other hand is pushing for big changes to help AI. In the European Parliament, the issue is expected to divide groups. Czech Greens lawmaker Markéta Gregorová said she is “surprised and concerned” that the GDPR is being reopened. She warned that Europeans’ fundamental rights “must carry more weight than financial interests.”  But Finnish center-right lawmaker Aura Salla — who previously led Meta’s Brussels lobbying office — said she would “warmly” welcome the proposal “if done correctly,” as it could bring legal certainty for AI companies. Salla emphasized that the Commission will have to “ensure it is European researchers and companies, not just third country giants that gain a competitive edge from our own rules.” 

Ireland’s Data Protection Commission (DPC) has launched a fresh inquiry into TikTok’s transfers of personal data to Chinese servers, it said Thursday, following on from its investigation that led to a €530 million fine against the company in April. The Irish regulator in April was informed by TikTok of an issue that meant a limited amount of EU user data had been stored on servers in China, an issue it said it discovered in February. The discovery contradicted the firm’s long-held position that personal data of EU users was only accessed remotely by the platform’s staff in China. But it came only just before the investigation concluded. Because of this, the DPC did not investigate it fully. The regulator in April fined TikTok for not sufficiently protecting EU personal data from Chinese state surveillance. The DPC earlier this year expressed “deep concern” that TikTok submitted “inaccurate information to the inquiry.” In a statement on Thursday, it said it had decided to open a new inquiry into the personal data transfers to servers in China after consulting with other data protection authorities in Europe. The Irish regulator said the inquiry will focus on whether TikTok has complied with its obligations under the EU’s General Data Protection Regulation, including articles relating to accountability, transparency, cooperation with supervisory authorities and compliance with rules around data transfers outside of the EU. TikTok was notified earlier this week about the Irish DPC’s decision to launch a fresh inquiry. The company has been contacted for comment.