European Commission proposes major GDPR amendments to boost AI development and ease compliance

The European Commission plans sweeping changes to the GDPR, redefining data processing rules to facilitate AI innovation while sparking debate over privacy standards amid divided member state opinions and industry concerns.

The European Commission is set to propose sweeping amendments to the General Data Protection Regulation (GDPR) as part of a broader digital omnibus package scheduled for official unveiling on November 19, 2025. These amendments aim to carve new legal pathways for artificial intelligence (AI) developers to process personal data, including sensitive categories such as religious beliefs, political affiliations, ethnicity, and health information. This marks a significant pivot from the privacy-focused stance that has underpinned European technology policy since the GDPR’s inception in 2018.

According to draft documents obtained by POLITICO, the proposed changes will establish the processing of personal data for “development and operation of AI models and systems” as a legitimate interest under Article 6(1)(f) of the GDPR, sidestepping the need for explicit consent except where mandated by other laws. This new legal ground extends to AI systems defined in the AI Act, encompassing automated processing beyond traditional machine learning.

In tandem, the Commission plans to redefine what constitutes personal data under the regulation, potentially excluding pseudonymized information in certain contexts, a move reflecting a recent ruling from the EU’s Court of Justice. The package also seeks to reform cookie consent rules by embedding provisions within the GDPR to provide website and app operators with additional legal grounds to track users without requiring consent, promising to alleviate the barrage of cookie banners faced by internet users.

This initiative is part of a broader EU strategy, coined the “Digital Omnibus”, which also includes delays to the implementation of high-risk AI regulation provisions until December 2027. This delay, influenced by lobbying from major technology companies such as Google, Meta, and OpenAI, is intended to ease compliance burdens while maintaining regulatory oversight, particularly for AI applications in sensitive areas including biometric identification, healthcare, and law enforcement.

The Commission defends these measures as necessary technical adjustments to bolster Europe’s competitiveness in AI innovation, a sector where American and Chinese companies currently enjoy substantial leads. Former Italian Prime Minister Mario Draghi’s 2024 report notably identified the GDPR as a key obstacle hampering European AI advancement, a view echoed by proponents of the new amendments. The package is also designed to reduce administrative burdens significantly, potentially saving European businesses up to €5 billion by 2029 and easing compliance especially for small and medium enterprises (SMEs).

However, privacy advocates and some EU member states express deep concern. Former GDPR architect Jan Philipp Albrecht described the proposed changes as “dramatically undermining European standards” of privacy, questioning whether this marks “the end of data protection and privacy as codified in the EU treaty and fundamental rights charter.” Privacy organisation Noyb’s founder Max Schrems criticised the Commission for circumventing regular legislative processes, warning that the reforms disregard sound lawmaking principles and could erode fundamental rights.

Member states are divided on the proposals. Estonia, France, Austria, and Slovenia oppose substantial GDPR rewrites, while Germany, usually among the most privacy-conscious EU countries, now supports reforms to facilitate AI development. This divergence signals challenging negotiations ahead. EU lawmakers and privacy groups also caution that the redefinition of “special category” data and personal data could narrow protection scopes, potentially excluding sensitive inferred data used in online advertising and automated decision-making.

The proposed amendments on cookie rules represent another critical shift, potentially allowing broader user tracking with fewer consent requirements, challenging existing strict rules upheld by German courts and others to protect user privacy. These changes would affect publishers, advertisers, and technology platforms, reshaping the data-driven marketing landscape in Europe.

Amid these regulatory changes, European data protection authorities have repeatedly intervened in AI deployments by major tech firms within the EU, highlighting the tension between innovation and privacy. Companies like Meta, Google, and OpenAI have faced regulatory scrutiny that delayed AI product launches in Europe, contrasting with their more unrestricted operations in the United States, where a comprehensive federal privacy framework comparable to the GDPR is absent.

Beyond AI and privacy, the broader Digital Omnibus package includes measures to simplify digital regulations overall, ranging from cybersecurity incident reporting to the digitalisation of physical requirements under the ‘digital by default’ principle. These steps support the EU’s ambition to foster innovation while upholding high standards of fundamental rights, data protection, and fairness in the digital economy.

Industry voices, such as Hildegard Müller, President of the German Association of the Automotive Industry (VDA), have welcomed the package as a vital move towards a more innovation-friendly regulatory environment. The Commission aims to reduce administrative burdens by at least 25% for all businesses and 35% for SMEs by the end of 2029, creating a leaner digital regulatory framework deemed essential for Europe’s competitiveness.

The comprehensive proposals will now face scrutiny and debate within the European Parliament and among member states, with no guarantee that all elements will pass intact. The contrasting positions across the EU illustrate the difficulty of balancing economic competitiveness with the continent’s long-standing commitment to data protection and privacy rights, which have set global standards since the GDPR’s introduction.

📌 Reference Map:

• ^[1] (PPC Land) – Core article content throughout
• ^[2] (Reuters) – Paragraphs on AI Act delay and broader Digital Omnibus context
• ^[3] (Reuters) – Paragraphs on easing rules for big tech, redefined personal data, cookie rules
• ^[4] (Council of the EU) – Paragraph on digitalisation and SME provisions under Omnibus
• ^[5] (European Commission) – Paragraphs on business savings and regulatory simplification goals
• ^[6] (VDA) – Industry perspective on innovation-friendliness of the package
• ^[7] (European Commission FAQs) – Overview of Digital Package contents and goals

Source: Noah Wire Services

Noah Fact Check Pro

The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.

Freshness check

Score:
8

Notes:
The narrative was published on November 23, 2025, detailing the European Commission’s proposed amendments to the GDPR to facilitate AI development. The earliest known publication date of similar content is November 19, 2025, when Reuters reported on the Commission’s ‘Digital Omnibus’ package, which includes these proposed changes. ([reuters.com](https://www.reuters.com/sustainability/boards-policy-regulation/eu-delay-high-risk-ai-rules-until-2027-after-big-tech-pushback-2025-11-19/?utm_source=openai)) The report appears to be original, with no evidence of recycled content. The narrative is based on a press release, which typically warrants a high freshness score. No discrepancies in figures, dates, or quotes were found. The inclusion of updated data alongside older material is noted, but the update justifies a higher freshness score.

Quotes check

Score:
9

Notes:
The narrative includes direct quotes from former Italian Prime Minister Mario Draghi and privacy advocate Max Schrems. A search reveals that these quotes were first used in the November 23, 2025, publication, with no earlier matches found. This suggests the quotes are original or exclusive to this report.

Source reliability

Score:
6

Notes:
The narrative originates from PPC Land, a niche publication. While it provides detailed information, the lack of broader coverage from more established outlets raises questions about its reliability. The report cites draft documents obtained by POLITICO, but access to POLITICO’s website is blocked by robots.txt, preventing verification of the original source. This limitation affects the assessment of the source’s credibility.

Plausability check

Score:
7

Notes:
The narrative presents plausible claims about the European Commission’s proposed GDPR amendments to benefit AI developers. These claims align with recent reports from reputable sources, such as Reuters, which also covered the ‘Digital Omnibus’ package and its implications for AI development. ([reuters.com](https://www.reuters.com/sustainability/boards-policy-regulation/eu-delay-high-risk-ai-rules-until-2027-after-big-tech-pushback-2025-11-19/?utm_source=openai)) However, the lack of direct access to the original draft documents and the reliance on a niche publication for the primary source introduce some uncertainty. The tone and language used are consistent with official EU communications, and the report includes specific details, such as the involvement of Mario Draghi and Max Schrems, which adds credibility.

Overall assessment

Verdict (FAIL, OPEN, PASS): OPEN

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary:
The narrative presents plausible claims about the European Commission’s proposed GDPR amendments to benefit AI developers, with direct quotes from Mario Draghi and Max Schrems. However, the reliance on a niche publication and the inability to verify the original draft documents raise questions about the source’s reliability. While the claims align with recent reports from reputable sources, the lack of broader coverage and direct access to the original documents introduces some uncertainty. Therefore, the overall assessment is ‘OPEN’ with medium confidence.