[overzicht] [activiteiten] [ongeplande activiteiten] [besluiten] [commissies] [geschenken] [kamerleden] [kamerstukdossiers] [🧑mijn] [open vragen]
[toezeggingen] [stemmingen] [verslagen] [🔍 uitgebreid zoeken] [wat is dit?]

Draft non-paper by the NL, (TBC) on the proposed far-reaching changes to the GDPR in the Digital Omnibus

Bijlage

Nummer: 2026D16486, datum: 2026-04-08, bijgewerkt: 2026-04-08 15:31, versie: 1

Directe link naar document (.docx), link naar pagina op de Tweede Kamer site.

Bijlage bij: Non-paper Digitale Omnibus – AVG (2026D16485)

Preview document (🔗 origineel)

Draft non-paper by the NL, (TBC) on the proposed far-reaching changes to the GDPR in the Digital Omnibus

We need to keep up the pace

Europe is on the right track towards making our rules simpler, more efficient and more effective. The ten omnibus proposals that have been presented since February, would lead to an estimated reduction of 11.9 billion euros in administrative costs, and more proposals are expected.

While this progress is promising, more needs to be done to simplify and streamline our rules, also for the digital rulebook. We cannot slow down if we want to live up to Mario Draghi’s recommendations to truly make the EU more competitive.

The digital rulebook strengthens the internal market, makes the Union more resilient, and has the potential to create a more favourable environment for innovation of digital technologies and infrastructure. To foster innovation, attract investment and realise the EU’s technological leadership, we must focus on decisive reforms that achieve tangible simplification and enhance legal predictability and efficiency in the digital domain while safeguarding core values.1 We must ensure the digital rulebook is implemented in such a way that it truly enables innovation and growth, while also upholding fundamental rights.

We therefore welcome the digital omnibus and its aim to simplify, clarify, and streamline digital legislation to lower administrative burden, while keeping the underlying objectives intact. Besides the omnibus, the Digital Fitness Check is an important step to assess the cumulative effects of the digital acquis, more practical tools and assistance should be provided to businesses, and European governance of the digital rulebook should become more streamlined and consistent. That is why we believe the negotiations in the Antici Group on Simplification (AGS) as well as further simplification efforts should continue swiftly, as was also underlined during the Coreper II meeting of February 25.

Need to remain focused

At the same time, we see a risk for a delay resulting from the Commission’s proposal to include some far-reaching changes in the Digital Omnibus. As underlined by the joint opinion by the European Data Protection Supervisor (EDPS) and European Data Protection Board (EDPB), a number of proposed changes to the General Data Protection Regulation (GDPR) seem to go beyond the objectives of simplifying, clarifying, and streamlining legislation and raise significant concerns about the level of data protection enjoyed by individuals, and hence fundamental rights, without clearly contributing to administrative burden reduction.2

While these changes are presented as tools to enhance competitiveness and make data rules simpler, clearer and more cost-effective for businesses, in reality, they go beyond this objective by touching the core of the EU-Charter right to data protection. As the GDPR applies to every individual and organisation that processes personal data – including government agencies and their processing of personal data of individuals – the proposed changes will have an effect on the protection of society as a whole.

More needs to be done to ensure that EU-Charter rights remain properly protected. Therefore, such potentially far-reaching changes following from the Commission’s proposal should be subject to sufficient discussion, scrutiny, and require a proper impact assessment.3 However necessary in light of the protection of fundamental human rights, this much needed scrutiny and discussion would undoubtedly risk delaying the negotiations about the digital omnibus as a whole.

A clean cut

For the sake of speed, discussions about the GDPR that go beyond the objective of simplifying, clarifying, and streamlining should take place outside the context of this omnibus. In that light, we welcome the progress and text proposals by the Council and the Presidency so far. Most importantly, the deletion of the proposed changes to the definition of personal data, Article 4(1), from the scope of the current proposal in the first Presidency compromise text allows for the discussion to truly focus on simplification again. Additionally, we welcome the deletion of articles 4(38) and 41a. Furthermore, we welcome that the Presidency has improved several articles, taking into account the EDPB/EDPS Opinion, for example Articles 12(5), 33 and 35.

The AGS of February 27th has illustrated the sensitivity of the outstanding articles. At the same time, many of the delegations still made scrutiny reservations. The combination of these two factors risks delaying the negotiations about the digital omnibus as a whole. Therefore, we propose the following process for the remainder of the negotiations:

  1. Ambitious and constructive negotiations about the Digital Omnibus in the Antici Group on Simplification, including changes to the GDPR to article 4(32), 4(33), 4(34), 4(35), 4(36), 4(37), 5(1)(b), 9(2)(l), 22, 33, 35, 88a, 88b, 4 ePrivacy Directive (deleted), and 5(3) ePrivacy Directive.

  2. Deletion of the proposed changes affecting fundamental rights from the scope of the Digital Omnibus, in particular the draft revisions of the GDPR. This includes the changes of the GDPR on article 4(1), 4(38), 9(2)(k), 9(5), 12(5) (if the original version from the Commission proposal is pursued), 13(4) (idem), 13(5), 41a, and 88c. Legislative changes with such broad implications for fundamental rights require a process that addresses all aspects and closely considers all its consequences, including by impact assessments, stakeholder consultations and based on the opinion of the EDPB and EDPS.

  1. Non-paper on European Strategic Competitiveness by Estonia, Finland, Latvia, Lithuania, Netherlands and Sweden 5 February 2026.↩︎

  2. EDPB-EDPS Joint opinion 2/2026 on the Proposal for a Regulation as regards the simplification of the digital legislative framework (Digital Omnibus) 11 February 2026.↩︎

  3. The EU Court of Justice ruled that an impact assessment can only be skipped if the EU legislature has enough information to evaluate whether a measure is appropriate. The Interinstitutional Agreement on better law-making also prescribes that an impact assessment is needed to adequately assess the effects of the proposed changes on data protection and on reducing the regulatory burden.↩︎