Activists Accuse EU of Undermining GDPR in Favor of Big Tech with Digital Reforms

Loopholes in upcoming EU digital reforms could tip the balance further in favor of tech giants.

Big changes loom for the General Data Protection Regulation

The European Commission (EC) has drafted sweeping amendments to the GDPR, poised to launch the so-called “Digital Omnibus” legislative package on November 19.

According to a leaked overview shared by the privacy advocacy group NOYB, the proposed changes would include freedom for companies to process pseudonymized personal data with significantly reduced safeguards. Under the current GDPR, pseudonymized data is still treated as personal data and protected accordingly. The new draft would remove this guarantee, broadening the scope for online tracking, advertising and data-brokerage activity.

Activists argue that this approach undermines decades of work to elevate individuals’ control over their online data, and the EC spokesman said the aim is to “make the GDPR more operational, not weaken it.” Yet critics note that no formal decision has yet been made, leaving the outcome uncertain.

Rights, access and sensitive data under fire

One of the most controversial elements tucked into the reform is a proposed “purpose limitation” clause that would curtail individuals’ rights to access or correct their information. NOYB warns that this change could allow employers, for instance, to deny access claims as “abusive,” which would affect workers, journalists and researchers.

Moreover, amendments to Article 9 protections, covering sensitive data such as health status, political beliefs and sexual orientation, would shift enforcement to only when such characteristics are “directly revealed.” Inferred data would escape those protections, potentially enabling discrimination via predictive algorithms or behavior-based profiling.

AI rules and Big Tech’s lobbying dividends

The upcoming package also touches on the Artificial Intelligence Act, the focus of intense lobbying by major technology firms. The draft could allow AI systems to process data under “legitimate interest” rather than the stricter legal basis originally envisaged, thus favoring AI technologies over traditional data-processing tools. NOYB labels this as “grotesque,” arguing that it abandons the GDPR’s tech-neutral design.

Consequently, if these reforms pass, companies could get a free pass at releasing AI models that train with large volumes of personal data, while the safeguards for conventional processing remain tighter. This imbalance could lead to Big Tech dominance in Europe and beyond.

Take control of your online privacy

As legal protections shift and the regulatory landscape grows more complex, people should take proactive steps to guard their online data. One such measure is the use of a trustworthy VPN solution. Bitdefender VPN offers unlimited encrypted traffic across multiple devices, a strict no-logging policy and access to servers spanning more than 100 countries.

These features help cloak your IP address, encrypt your online activity (especially on public Wi-Fi networks) and reduce your digital footprint, providing an additional layer of anonymity in an era of weakened data-protection oversight.