EDPB and EDPS on EU Digital Omnibus: Do not change personal data concept



The EU Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) strongly urge the co-legislators not to adopt the proposed changes to the definition of personal data, as they go far beyond a targeted or technical amendment of the GDPR.

“In addition, they do not accurately reflect and clearly go beyond the Court of Justice of the European Union (CJEU) jurisprudence, and they would result in significantly narrowing the concept of personal data. The European Commission should not be entrusted to decide by an implementing act what is no longer personal data after pseudonymisation as it directly affects the scope of application of EU data protection law,” the authorities say.

In their joint Opinion, issued today, the authorities say that they welcome the Commission’s steps toward greater harmonisation, consistency, and legal certainty, but also have some concerns. For example, while the EDPB and the EDPS welcome the proposal’s aim to introduce a specific derogation for prohibiting the processing of sensitive data, they recommend several improvements, such as clarifying the scope of the derogation and ensuring safeguards throughout the whole lifecycle.

“We must make sure that any changes to the GDPR and EUDPR [Regulation governing the EU institutions] actually clarify obligations and bring legal certainty while maintaining trust and a high level of protection of individual rights and freedoms,” European Data Protection Supervisor Wojciech Wiewiórowski said.

PL&B has organised a one-day conference in Ireland on 14 May on the Digital Omnibus, and Ireland’s position in the EU.
Speakers include Dr Des Hogan, Ireland’s Data Protection Commissioner, and Michael McGrath, European Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection.

Also see more content on the Digital Omnibus in PL&B International Report February 2026.