A comprehensive analysis of the European Commission's Digital Omnibus proposals

In a series of six blog articles, international law firm TaylorWessing outlines the key changes to EU digital and data legislation contained within the Digital Omnibus proposals. 

• The first article provides a high-level summary of the various changes to the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, the Data Act, and the Artificial Intelligence Act (AI Act). In addition, the article looks at efforts to reduce compliance burdens through initiatives such as a single-entry point for incident reporting, along with repealed and additional measures. 
• The second article focuses on changes particularly relevant to AI development and data-intensive research, including what counts as personal data, the new definition of scientific research, special category data, and legitimate interest in AI contexts.
• The third article considers what the proposed changes mean for the EU single data market.
• The fourth article examines changes to the AI Act, including the consolidation of regulatory power, the removal of the duty on providers and deployers of AI systems to ensure sufficient levels of AI literacy, the relaxation of classification criteria for high-risk AI systems, the delay of transparency requirements, and other carve-outs and conflicts. The article also looks at the practical impact on real-world testing of high-risk AI systems.
• The fifth article, which covers the recalibration of the GDPR and the ePrivacy Directive, addresses the changes to consent collection, consent mechanisms, browser-based consent management, and the practical implications for the digital advertising ecosystem.
• The sixth article deals with incident reporting and overcoming the challenges posed by fragmented, overlapping reporting obligations. Here, the article looks in more detail at a single Entry Point for incident reporting, which aims to facilitate a "report once, share many" approach, through the adoption of standardised templates, aligning reporting thresholds with the GDPR, and extending GDPR reporting timelines.

Training Announcement: Find out more about our range of independent accredited data protection and AI governance qualifications from IAPP and BCS.