European Commission Proposes Revising AI Rules and Data Privacy Laws

TLDRs;

• EU proposes delaying high-risk AI rules until 2027 while revising data privacy regulations.
• Personal data definition may narrow, enabling broader AI training under “legitimate interest.”
• Cookie consent banners could be removed, shifting tracking responsibility to users.
• Privacy advocates warn EU changes could weaken digital rights protections across the bloc.

The European Commission is preparing to propose significant changes to its digital regulatory framework, which could reshape how companies in Europe handle artificial intelligence and personal data.

Among the planned reforms is a one-year pause on several high-risk AI rules, potentially delaying their enforcement until 2027. The move comes amid debates over the balance between innovation and user privacy, with lawmakers and stakeholders expressing mixed reactions.

The revisions aim to create a more flexible regulatory environment for AI development. By delaying strict obligations, the EU hopes to give businesses additional time to adapt to new compliance requirements. However, some lawmakers have voiced concerns that postponing these rules could leave gaps in consumer protections during the interim.

Narrowing Personal Data Definition

Another key aspect of the proposed changes involves redefining what qualifies as personal data. The commission plans to narrow the scope, which may allow companies to process more information for AI training without explicit consent.

Under the revised framework, firms could rely on the “legitimate interest” clause in the General Data Protection Regulation (GDPR) to justify data usage, as long as their business needs do not override individual rights.

This shift could have broad implications for data tracking and profiling. Certain pseudonymous identifiers, such as cookies or advertising IDs, may no longer be classified as personal data, enabling more extensive analytics while avoiding direct identification of users. While businesses may welcome the flexibility, privacy advocates argue it risks undermining fundamental digital rights.

Cookie Consent Changes

The European Commission is also considering removing mandatory cookie consent banners, a move that would fundamentally alter online tracking practices. Instead of opting in, users would have the ability to object after data collection begins.

Media companies and advertisers could continue requiring consent for personalized advertising thanks to specific carve-outs in the proposed regulations.

This adjustment signals a potential pivot in privacy-focused technologies. Vendors could develop contextual advertising solutions or next-generation consent tools aligned with the new baseline, reducing reliance on traditional consent management systems. Businesses using automated compliance software may also shift toward documenting legitimate interest processes rather than securing explicit approvals.

Industry and Advocacy Reactions

Privacy groups and over 127 organizations have warned that these proposals may weaken digital protections, especially for high-risk AI applications.

Concerns revolve around increased tracking, profiling, and a potential erosion of user autonomy online. Meanwhile, companies operating in AI, digital marketing, and media have largely welcomed the flexibility, citing reduced operational burdens and clearer frameworks for compliance.

The formal proposal is expected on November 19, with enforcement planned in 2027. Both the European Parliament and member states will need to approve the changes before they take effect, and debates over their scope and impact are likely to continue in the coming months.

The post European Commission Proposes Revising AI Rules and Data Privacy Laws appeared first on CoinCentral.