All onboard the EU data protection wagon?

The EU Digital Omnibus is not likely to satisfy everyone. The groundbreaking proposal to amend the personal data definition, for example, has been criticised by civil society for eroding individual rights. The same can be said about the proposals on limiting access rights. On the other hand, some businesses and privacy lawyers likely think that these reforms do not go far enough to make a real difference in terms of reducing the compliance burden and establishing legal certainty.

Whatever happens, any changes will not go though quickly. We can expect heavy lobbying, and within the EU institutions, the legislative wheels turn slowly. As the current AI Act deadline of August 2026 deadline looms, the AI Omnibus will be on the faster track with the Digital Omnibus not likely to complete its passage through EU institutions until some time in 2027.

There is much interest in the AI Omnibus as it would clarify that organisations can rely on the EU GDPR’s “legitimate interest” legal basis to use personal data for the training of AI systems and models. Some commentators, including the Centre for Democracy and Technology have expressed caution regarding proposals that could weaken the AI Act which represents a human rights-based approach to AI governance.

This topic will certainly feature at our 6-8 July 2026 Annual International Conference in Cambridge which we are currently planning. In the meantime, we draw your attention to one of the root causes of the EU reforms – the clash between EU and US views on digital.

Read about the potential for mass privacy claims, the global trajectory of 50 years of data privacy laws and what we need to know about disinformation.

Laura Linkomies
Editor, Privacy Laws & Business

February 2026