EU AI Act: Possible GDPR Revisions and Tech Rules Relaxation

Published Date : 11/11/2025 

The European Commission is considering significant amendments to the AI Act, which could expand the use of biometric technologies and loosen GDPR restrictions. These changes, driven by pressure from U.S. tech companies, are set to be decided on November 19. 

The European Commission is currently deliberating on major amendments to the AI Act, amidst intense pressure from U.S. tech companies and the Trump administration. The proposed changes, scheduled for a decision on November 19, could significantly expand the commercial and public use of biometric technologies across the EU. This digital omnibus is expected to water down many of the Act’s tech regulations.

The draft proposal suggests pausing and softening parts of the AI Act and loosening some GDPR restrictions. The aim is to reduce red tape across overlapping rules. According to Politico, officials are preparing far-reaching changes to GDPR that would benefit AI developers. These changes would include permitting broader reliance on “legitimate interest” for data uses that currently face tighter limits.

This would make it substantially easier for technology companies to collect and reuse images, video, and other personal data to train biometric models such as facial recognition systems. Companies like Google, Meta, and OpenAI would be allowed to use Europeans’ personal data to train AI models by claiming legitimate interest. Additionally, firms could be exempted from the ban on processing special-category data when required to avoid disproportionately hindering AI development, provided they can detect and remove sensitive information.

However, these final changes to the AI Act still require Commission sign-off and approval by member states and the European Parliament. Jan Philipp, a former European Parliament member who was a major contributor to the drafting of GDPR, has expressed concerns about the amendments. He questioned whether they mark the end of data protection and privacy as the EU has known it. “The Commission should be fully aware that this is undermining European standards dramatically,” he said.

Austrian privacy group Noyb, which has previously challenged data transfer deals between Europe and the U.S., has also voiced strong opposition. Noyb’s founder, Max Schrems, stated that the draft Digital Omnibus proposes “countless changes” that would amount to “death by a thousand cuts” to GDPR. “This would be a massive downgrading of Europeans’ privacy 10 years after the GDPR was adopted,” Schrems said in a statement.

The EU has been hesitant in introducing the AI Act, with deadlines being missed due to differing views among bloc representatives. Despite these delays, the potential changes are generating significant debate and concern, especially regarding the future of data protection and privacy in the EU.

In summary, the proposed amendments to the AI Act and GDPR are poised to have far-reaching implications for both the tech industry and consumer privacy. As the decision approaches, stakeholders on both sides are preparing for a critical moment that could redefine the digital landscape in Europe. 

Frequently Asked Questions (FAQS): 

Q: What is the AI Act?

A: The AI Act is a proposed regulation by the European Commission aimed at regulating the use of artificial intelligence in the EU. It seeks to ensure that AI systems are safe, transparent, and respect fundamental rights.

Q: What changes are being proposed to the AI Act?

A: The proposed changes include expanding the use of biometric technologies, softening some GDPR restrictions, and allowing broader reliance on 'legitimate interest' for data collection and use.

Q: How will these changes affect GDPR?

A: The changes could loosen some GDPR restrictions, making it easier for companies to collect and reuse personal data for AI training, and permit broader reliance on 'legitimate interest' for data uses.

Q: What is the role of the European Commission in these changes?

A: The European Commission is considering and preparing the proposed changes, which still require sign-off by the Commission and approval by member states and the European Parliament.

Q: What are the concerns raised by privacy groups?

A: Privacy groups, such as Noyb, are concerned that the proposed changes could significantly undermine data protection and privacy standards in the EU, potentially leading to a 'death by a thousand cuts' to GDPR. 

More Related Topics :