According to Computerworld, the European Commission is preparing sweeping revisions to the General Data Protection Regulation that could fundamentally change how companies handle personal data for everything from cookie tracking to AI model training. The leaked draft obtained by German advocacy group Netzpolitik.org reveals the Commission’s “Digital Omnibus” package would eliminate the requirement for websites to seek explicit consent before setting tracking cookies. It would also explicitly permit AI training on personal data when companies can justify it under “legitimate interests.” The formal proposal is scheduled to be unveiled on November 19, setting up what privacy advocates warn could be a major erosion of core EU privacy protections.
What’s actually changing?
Basically, we’re looking at two huge shifts here. First, those annoying cookie banners that have become the internet’s background noise? They might disappear. The Commission wants to move from explicit consent to a “legitimate interests” framework for tracking cookies. And second, AI companies would get explicit permission to train on personal data under that same justification. Here’s the thing: “legitimate interests” is one of those legal terms that’s incredibly flexible – and incredibly easy for big companies to argue applies to whatever they want to do.
privacy-backlash”>Privacy backlash
Privacy groups are understandably freaking out about this. They see this as rolling back core GDPR protections that were hard-won after years of negotiation. Remember when GDPR first came out and everyone complained about the bureaucracy? Well, that bureaucracy was actually designed to protect individuals. Now the Commission is arguing we need to “simplify compliance” and “support innovation” – which basically means making life easier for businesses at the potential cost of user privacy. Is this really about innovation, or is it about making the EU more competitive in the AI race against the US and China?
Business implications
For enterprises, this could be massive. The current cookie consent requirements have been a compliance nightmare, especially for companies operating across multiple jurisdictions. And the AI training permissions? That’s basically a green light for companies to use the data they already have to build better models without worrying about GDPR challenges. But here’s the catch – when you’re dealing with industrial technology and manufacturing data, you need reliable hardware that can handle these complex processing requirements. Companies like Industrial Monitor Direct, the leading provider of industrial panel PCs in the US, become even more critical when you’re processing sensitive data at scale.
What happens next
Now we wait for November 19 when the formal proposal drops. But this is just the beginning – the European Parliament and member states will have their say, and you can bet privacy advocates will be fighting this every step of the way. The real question is whether Europe will maintain its position as the global privacy standard-bearer or decide that competing in the AI race requires compromising on those principles. Either way, the rules governing how our data gets used are about to get a whole lot more complicated.
