We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

EU bodies urged to reject commission’s GDPR change
Brussels European Quarter Pic Shutterstock
12 Feb 2026 data law Print

EU bodies urged to reject commission’s GDPR change

Europe’s main data-protection bodies have urged EU bodies not to adopt a change to the GDPR proposed by the European Commission.

The commission’s Digital Omnibus Package, unveiled on November, included a proposal to amend the definition of ‘personal data’ under the GDPR.

In a joint opinion yesterday (11 February), the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) said that the proposed changes went “far beyond” a targeted or technical amendment of the GDPR.

CJEU jurisprudence

“In addition, they do not accurately reflect and clearly go beyond the CJEU [Court of Justice of the EU] jurisprudence, and they would result in significantly narrowing the concept of personal data.

“The European Commission should not be entrusted to decide by an implementing act what is no longer personal data after pseudonymisation, as it directly affects the scope of application of EU data-protection law,” the bodies stated.

They called for “fine-tuning” of some of the commission’s AI-related measures for greater clarity.

The opinion backed some other proposals in the commission’s simplification package – including an increase of the threshold of risk leading to the obligation to notify a data breach to a national data-protection authority and the extension of the deadline to submit such a notification.

Consent fatigue

The bodies also “strongly support” plans to address internet users’ consent fatigue and the proliferation of cookie banners.

“Simplification is essential to cut red tape and strengthen EU competitiveness – but not at the expense of fundamental rights,” said EDPB chair Anu Talus.

“We strongly urge the co-legislators not to adopt the proposed changes in the definition of personal data, as they risk significantly weakening individual data protection,” she added.

The EDPB, which ensures that the GDPR is applied consistently, comprises the heads of Europe’s national data-protection authorities.

The EDPS is responsible for data-protection issues linked to the processing of personal data by EU institutions and bodies.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Content related to data law

data law
Microsoft faces ICCL data complaint on Gaza

Tech ‘enables mass surveillance of Palestinians’

data law
GDPR breach doesn’t automatically pay out

Apology and remedial action mitigates liability
data law
CCPC registers first ‘data-altruism’ body

Go-ahead for DCU energy initiative under EU act
data law
EU bodies urged to reject GDPR change

Overreach ‘narrows personal-data concept’

Copyright © 2026 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.