reclaimthenet.org
EU Digital Omnibus Promises Fewer Cookie Banners but Expands Digital ID and Loosens Privacy Rules
After years of frustration with those ceaseless cookie pop-ups, Brussels has finally proposed a fix. Hidden deep within the European Commission’s sweeping new “Digital Omnibus” proposal is Article 88b, a technical update that could make those consent banners a relic of the past.
Browsers or devices would automatically communicate whether users agree to tracking, removing the need to click “accept” on every site visit.
The banners have been annoying, and removing them sounds like a victory for usability. But the rest of the Commission’s package tells a more complicated story, one where privacy safeguards built over the past decade are at risk of being quietly rewritten.
The Digital Omnibus is not a single law but a dense collection of updates that cut across the European Union’s flagship privacy and AI frameworks.
It proposes amendments to the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the EU AI Act.
Together, these documents have long been regarded as the legal backbone of Europe’s data protection regime.
The Commission frames the Omnibus as modernization. Officials argue that Europe needs a more “innovation-friendly” regulatory environment to compete with the United States and China in AI and digital services.
Alongside these reforms comes a European Business Wallet, a kind of digital ID for companies designed to streamline online verification and compliance.
The Commission also introduced a European Data Union Strategy, intended to expand access to data for AI training and analytics.
It describes this as a way to “scale up the European data economy.” There’s no doubt that Europe is falling behind the US and China on AI innovation, but on a closer look, the language could easily be seen as a prelude to mass data pooling with insufficient privacy safeguards.
Civil society groups responded with alarm. European Digital Rights (EDRi), a long-standing advocate for strong privacy protections, warned that the Omnibus would “allow data processing without consent for AI development and operation” by altering GDPR Article 9(2) and introducing a new Article 88c.
That change would let companies process even “special categories” of data (information revealing health status, religion, political opinion, or sexuality) if they claim a “legitimate interest.”
Under the current GDPR, such data is tightly protected and can only be processed under very specific conditions.
EDRi also flagged a series of other rollbacks:
The removal of explicit consent for accessing data on devices, such as cookies and app usage, effectively folding ePrivacy protections into looser GDPR provisions.
A narrowing of data breach reporting requirements to only “high-risk” cases, giving companies more time to report.
Optional transparency for companies, as the proposed text amends Articles 12, 13, and 15 to allow firms to withhold certain information about how they process user data.
A weaker definition of personal data itself, softening the foundation of the GDPR’s protections.
noyb, the privacy group founded by activist Max Schrems, was more blunt. The proposed reforms, it said, would “massively lower protections for Europeans” and reduce user rights “to almost zero.”
The organization argued that the changes “create loopholes that only benefit US Big Tech companies and don’t provide any benefit for small and medium-sized European businesses.”
The European Business Wallet is a core part of the Commission’s digital identity agenda. It promises efficiency: a single, verifiable credential system for cross-border business operations. But for many privacy experts, it also signals the rise of a new layer of digital surveillance.
Digital IDs increase the risk of tracking and blacklisting. If every transaction and authentication flows through a centralized identity layer, governments and corporations could gain new insight into corporate behavior and, indirectly, into the individuals behind these firms.
The Commission insists the system will include “robust privacy safeguards,” yet details remain scarce.
The European Data Union Strategy has received less scrutiny so far, though it may ultimately be the most consequential piece. It aims to scale up access to European datasets for AI research, public services, and industry collaboration.
If privacy rules are relaxed in favor of “legitimate interests,” the strategy could effectively grant governments and corporations a freer hand to repurpose citizen data for algorithmic training.
That vision might appeal to policymakers chasing competitiveness, but could erode the very rights that set European data governance apart.
The Commission’s proposals are still in draft form and will be debated by the European Parliament and Council before adoption.
Implementation of the Business Wallet is expected over the next two years, and the automatic consent mechanism for cookies will depend on the development of new technical standards.
That automatic consent feature may well end one of the web’s great user experience blunders. Yet the broader trade-off is harder to ignore. If the price of fewer pop-ups is a system that weakens consent, dilutes transparency, and broadens state and corporate access to data, Europe could find itself undoing much of what made the GDPR a global benchmark.
The Digital Omnibus offers a glimpse into a future where convenience and innovation take precedence over privacy. Whether that future aligns with Europe’s values will depend on how fiercely lawmakers and citizens are willing to defend them.