By Leo Marchandon
-The European Commission on Wednesday unveiled sweeping changes to Europe’s digital rulebook that critics say would give major technology companies easier access to personal data and weaken privacy protections in place for two decades.
The ‘Digital Omnibus’ package would delay strict AI regulations until late 2027, ease data access rules to let firms use vast datasets – including sensitive health and biometric information – for AI training without explicit consent, and include measures to cut red tape for businesses.
Officials insist the changes, which still need approval from European Union countries and the European Parliament, would maintain the region’s tough privacy standards, despite warnings from civil society groups that they favour Big Tech interests.
ENFORCEMENT OF ‘HIGH-RISK AI’ RULES DELAYED UNTIL 2027
Companies using what are termed “high-risk” artificial intelligence systems would get an extra 16 months before stricter regulations take effect, pushing the rules back until December 2027 from August 2026 currently.
High-risk AI refers to usage related to law enforcement, education, justice, asylum and immigration, public services, workforce management, critical infrastructure such as water, gas or electricity, and using biometric data.
TECH FIRMS’ ACCESS TO PERSONAL DATA WOULD BE EASED
The Commission aims to clarify when data stops being “personal” under privacy law, potentially making it easier for tech companies to use anonymous information from EU citizens for AI training.
Under the proposal, information that has been made anonymous would not be considered personal data if the entity handling it is deemed not to have means to re-identify the person to whom the information relates.
When training AI systems, firms would be allowed to use huge datasets even if they contain sensitive personal information like health or biometric data as long as they make reasonable efforts to remove it.
USERS WOULD GET FEWER COOKIE POP-UPS
Website cookie consent banners would appear far less frequently under changes moving cookie rules into the main data protection regulation.
Users would be able to set their cookie preferences once, either with a single click lasting six months or through browser and operating system settings that apply across all websites. Certain basic website functions, like counting visitors, would no longer require consent pop-ups.
Websites would still need explicit consent before accessing data stored on users’ devices, such as location or browsing history.
CUTTING RED TAPE FOR SMALL COMPANIES
Small and medium-sized businesses developing or using AI systems would face significantly reduced documentation requirements, potentially saving at least 225 million euros ($261 million) annually, according to the Commission.
The changes would also exempt small companies from some cloud-switching rules in data legislation, saving them approximately 1.5 billion euros in one-time compliance costs.
In addition, firms would receive a ‘European Business Wallet’, essentially a digital passport that works across all 27 EU member states, that would allow them to digitally sign and timestamp documents and handle filings across Europe.
The Commission says this could eliminate up to 150 billion euros per year in administrative costs once widely adopted.
($1 = 0.8632 euros)
(Reporting by Leo Marchandon. Editing by Mark Potter)
