The European Union's push to streamline its digital regulations is sparking a fierce debate over whether simplification actually means deregulation. The Digital Omnibus Package, a sweeping legislative initiative designed to reduce administrative burden on businesses, is now facing criticism from human rights organizations who argue it could fundamentally weaken the protections that safeguard EU citizens from invasive data collection and discriminatory AI systems .

What Is the Digital Omnibus Package and Why Does It Matter?

The Digital Omnibus Package consists of two main legislative acts: the Digital Omnibus on AI and the Digital Omnibus Regulation. The European Commission introduced this framework to address a growing problem: digital regulations across EU member states have become increasingly fragmented and complex, with multiple overlapping laws creating confusion for companies and uncertainty for citizens . The package aims to create a more cohesive set of rules governing everything from business transactions to communications, while also reducing the administrative pressures companies face when navigating the General Data Protection Regulation (GDPR), the Data Act, and the ePrivacy Directive.

On the surface, the initiative sounds reasonable. Fewer rules, clearer guidelines, and less bureaucratic friction could help European tech companies compete globally while still maintaining protections for fundamental rights. But advocacy groups and human rights organizations are raising alarm bells about what gets lost in the simplification process.

How Could Simplification Actually Weaken Data Protection?

The core concern centers on how the Digital Omnibus Package would redefine and reshape existing protections. According to human rights researchers, the proposed amendments include substantive changes to how personal data is defined, a move that could significantly weaken established safeguards . These changes would potentially allow the largest technology companies to broaden their data collection for AI training and operation without the same level of scrutiny they face today.

The implications are significant. The GDPR currently functions as the definitive legal framework for protecting personal data, establishing how organizations must collect, process, and secure information. But under the proposed Digital Omnibus revisions, individuals would lose key protections:

• Right of Access: Citizens would find it increasingly difficult to exercise their fundamental right to know what personal information companies hold about them and how that data is being used.
• Transparency Requirements: The proposed changes would remove the mandate for companies to publish risk assessments for high-risk AI systems, allowing technology firms to define their own risk profiles without external scrutiny.
• Accountability Mechanisms: Individuals would have fewer tools to monitor, challenge, or contest how their information is being exploited by both corporate and independent organizations.

Advocacy organizations argue that this "simplification" process effectively serves as a deregulation initiative likely to benefit commercial interests over citizen protection. The concern is not theoretical; it's grounded in documented cases of AI misuse across Europe.

What Real-World Harms Could Result From Weaker Protections?

The risks become clearer when examining how AI systems are already being deployed across Europe. Amnesty International has documented multiple cases where legally permitted AI applications violated human rights, particularly affecting vulnerable populations . These examples include facial recognition technology being used to target peaceful assemblies such as Pride Marches in Budapest and Pecs, Hungary; AI systems surveilling the movements of refugees and migrants; and fraud detection algorithms integrated into digital welfare systems that discriminated against vulnerable groups including ethnic minorities, low-income demographics, and displaced persons across several EU member states including Denmark, France, Sweden, and the Netherlands.

These aren't edge cases or theoretical concerns. They represent patterns of how AI can be weaponized against marginalized communities even when used within the bounds of national law. Existing digital rights regulations within the EU, despite their gaps, provide indispensable protections against such systemic violations because they adhere more closely to human rights principles than some national regulations alone.

If the Digital Omnibus Package removes these protections, the risk of similar abuses could increase significantly, particularly for people with disabilities and members of the LGBTQIA+ community, who advocacy groups say are more likely to be harmed by diminished privacy and anti-discrimination safeguards.

Steps to Understand How the Digital Omnibus Could Affect You

• Monitor Your Data Rights: Understand what personal information companies collect about you and how they use it for AI training; the Digital Omnibus changes could make this harder to track.
• Follow Legislative Progress: The European Commission's proposals are not final; the European Council and European Parliament will negotiate further terms, with Parliament beginning to resist the most problematic provisions.
• Engage With Advocacy Groups: Organizations focused on human rights and digital privacy are actively opposing the weakest aspects of the package and can provide updates on how the rules may change.

The Human Rights Research Center (HRRC) acknowledges the European Union's efforts to establish more cohesive digital rules across its territory, but emphasizes that any policy must adhere to principles found in international human rights law . This represents the core tension: can the EU simplify its regulatory framework without sacrificing the protections that make those rules meaningful in the first place?

The debate is far from settled. The European Commission's legislative proposals will undergo further negotiations with both the European Council and the European Parliament, which are beginning to resist the most problematic provisions within the AI Omnibus. The outcome of these negotiations will determine whether the Digital Omnibus Package becomes a tool for genuine simplification or a backdoor for corporate interests to access and exploit European citizens' data with minimal oversight .