The EU's proposed "digital omnibus" legislation, presented as simplification, is argued to be a significant erosion of privacy protections, potentially allowing AI companies to use sensitive data and enabling remote device access without consent, with global implications for digital rights.
Mind Map
Click to expand
Click to explore the full interactive mind map • Zoom, pan, and navigate
In four days, literally four days, the EU commission releases something called the digital omnibus.
They're calling this digital simplification, but it's actually an attack on privacy on pretty much all fronts.
This video will give you all the information you need to understand what's going on
and why this is going to narrow your privacy protections.
It's going to let AI companies train on your most sensitive data.
It will enable remote access to your devices without your permission.
Let's get into it.
Noib has won some legal battles against Facebook under GDPR,
and they've done a lot of good work in this space.
They analyzed leaked drafts under this digital omnibus.
The overview of the changes that they talk about.
One, there's a new loophole via pseudonyms or IDs.
The commission plans to narrow the definition of personal data,
which would result in a GDPR not applying in many cases.
The plan is to add a subjective approach in the text of the GDPR,
which means that if a specific company cannot identify a person,
The data is not personal for that company, and the GDPR just doesn't apply anymore.
Currently, the GDPR protects data that could identify you,
even if it's pseudonymous or anything else that you want to create out there that's not directly tied to you.
But this change pretty much says if they can't tie personal data to a specific name,
it's not even personal data anymore.
So if your device has tracking data that claims to be anonymized and not tied to a person, that's not personal.
Your health data tied to a device ID, perhaps not personal anymore.
And in that article from NOIB, which of course I'll leave below, they leave a PDF, which does a very, very thorough and good job of breaking down the differences.
Now from the same article, there's a second big change, which is that by German demand,
to limit the use of data subject rights like access to data, rectification, or deletion to data protection purposes only.
Conversely, this means that if an employee uses an access request in a labor dispute over unpaid hours, for example,
to obtain a record of the hours they have worked, the employer could reject it as abusive.
The same would be true for journalists or researchers.
Noib uses some pretty concerning examples
of why this is bad.
So if a person asks to delete false credit ranking data
to get a cheaper loan at the bank,
such a right to rectification,
because it's correcting data,
on a false financial information
may not be exercised purely for a data protection purpose,
but out of economic interest.
Even cases like the famous right to be forgotten
may not be seen as a data protection interest
if the person demanding deletion of public data
does so in a business interest.
And Neube already says that the GDPR already has limitations for the abuse of use of the GDPR rights
and that this isn't really solving that.
It's just opening things up for abuse on the other end,
which is for companies and things that we'll cover later in the video.
Continuing on, the commission's draft also foresees changes to Article 6(1) and 9(2) of GDPR
to allow the processing of personal data for AI.
This means that a high-risk technology fueled by people's most personal thoughts and sensitive data,
it's talking about AI, gets a general okay under the GDPR.
At the same time, every traditional database or CCTV camera stays strictly regulated,
which is super interesting because right now we're seeing some of the largest privacy invasions from AI companies.
The bottom line here is that Google, Meta, Microsoft, OpenAI, etc.,
all of these tech companies can continue to make trillions with data that was generated by European companies,
artists, or private individuals while getting a free pass by the European legislature.
To continue this, Article 9 of GDPR specifically protects sensitive data regarding your health,
political beliefs, sex life, sexual orientation, or trade union membership, etc. They're now trying
to limit Article 9 protections only if such sensitive information is directly revealed.
What this is getting at is that if I tell an AI model I am pregnant, that is still protected. But
if I start talking about, oh, I'm looking for baby diapers, I'm looking for this, I'm looking for that,
then that's not protected. This allows big tech companies to continue surveillance capitalism and
and tie all these data points together to still track you.
Noi puts it perfectly,
filtering for I am pregnant is easier than filtering
the thousand signals that allow Meta or Google
to figure out that a person is pregnant.
And that's exactly what this is designed to do.
It's to give you less rights
and to make it easier for companies
to still continue tracking you with no consequences.
Fun fact about this to really seal this point home,
a lot of people think that their devices
are listening to them.
They turn on their microphone,
they see an ad on Instagram
for something they just talked to a friend about.
But the reality is actually much scarier than that.
There is absolutely no evidence, and there's been multiple studies and people who've tried to prove this now,
that the microphone has ever turned on.
What's actually happening is that Meta and Instagram have so many signals about different things in your life
that these are all just pure coincidences based on the fact that they're able to track you around the internet
and tie so many data points together to just understand you that well as a person.
That is how creepy this stuff goes, and that is no longer apparently protected under GDPR,
which would give you better privacy protections against this.
And the cherry on top of this awful cake
is that e-privacy has protected users
against remote access of data stored on terminal equipment
like computers or smartphones.
This is based on the right to protection of communications
under Article 7 of the Charter.
But the new commission proposal now allows,
depending on the reading of the draft,
up to 10 legal bases to pull information
from a personal device like your phone.
Or it can even place tracking technology
on your device like a cookie.
The problem is the wording here is very permissive and would allow excessive searches on user devices for security purposes,
which, as we've seen, can be bad with things like Google trying to stop sideloading because of security purposes.
I did more coverage on that if you want to try to take back some Android freedom.
In combination, this leads to absurd results.
AI training would be a legitimate interest, and companies can now remotely access personal data on your device for such a legitimate interest.
Consequently, it would be a possible reading of the law that companies such as Google can use data from any Android apps to train its Gemini AI.
Especially big tech companies would very likely have an even more expansive reading of the draft text.
It is questionable whether the authors of the draft law have ever thought about these combinations.
Again, I highly recommend going through their draft analysis because it covers all of the changes word for word and you can see exactly what this stuff looks like.
TechPolicy.press did some really good coverage of kind of recapping everything that Noib did,
but they also add some good context behind why the GDPR sets a global standard for privacy,
which has influenced California's privacy laws, Brazil, India, etc.
And if Brussels reverses course, this ripple effect will change literally the whole world.
They talk a lot about what we just talked about,
and then something I really want to outline here is that privacy advocates have criticized the fast-track progress.
The GDPR itself, which has all these protections in place, took years to negotiate,
But this omnibus only concluded in October, and according to Noib, some Brussels units had just five working days to review a 180-plus page draft.
Robin Bergen said, quote,
American tech monopolies and intelligence agencies are the biggest beneficiaries of the surveillance economy,
and these changes strengthened their hand to instead actively sabotage European businesses and national security.
I put this whole video together about Denmark trying to pass chat control 2.0 last minute,
even after we already won a chat control for now.
But by the time the video is ready to publish, they already withdrew the chat control aspect of it.
But they've been trying to do age verification for a long time now,
and that is still on the table in Denmark.
These age verification systems are being piloted across Europe and the rest of the world.
The UK has already passed some.
Many US states are looking to pass this, Canada, etc.
And this is all about proven identity, verifying who you are,
and makes it so that all the things that you do online
are tied to you as a person.
But the digital omnibus doesn't really mention age verification.
There's no further protections in place
for all of you because of it.
So these things actually work together
very beautifully in a bad way.
And when we start throwing in other stories
of how Google's trying to lock down Android
and all these other things happening
in the digital rights space,
we see this overall clampdown.
And if you're on a device that you can't sideload apps,
and now we have these new regulations in place,
you have fewer and fewer options to opt out of the system that's being designed.
This is just more pattern recognition on my end about these regulatory changes,
but the pattern is real and it's worth understanding
and it's important to see how it's happening from all angles.
This is huge and the EDI is another great organization that did coverage about this
and I love how they said it's a point of no return and it is true.
Once the GDPR is weakened this fundamentally,
it's nearly impossible to rebuild those protections again.
Companies are going to argue, well, you're allowing this now,
Why does this change?
We're going to have lobbying get involved.
So this is going to be very hard to come back from if any of it passes.
And over 100 civil society organizations, trade unions, and defenders of the public interest
have joined together to urge the European Commission to immediately halt any attempts
to reopen the GDPR, ePrivacy Framework, AI Act, or other digital rights protections.
That's how serious this is.
So I have some timelines here that I'd like to share before we get into what you can do
to help fight all of these different things.
First, November 19th, which at the time of recording is four days from now, they are going to officially present this digital omnibus.
And hopefully now you're better educated and you know what to expect.
And we'll see what changes there are between that and the leaked version that we saw.
Between December and early 2026, there's going to be a negotiation period where all of us are going to have a lot of influence.
So be ready for that time period.
Kind of a loose estimate seems to be around March of next year.
There might be some parliament votes and then after a vote, implementation would begin.
All right, so what can you do? Let's talk about actionable stuff now that you have all of the
context. First, this sounds hopeless. It's not. Last time we talked about chat control two months
ago, I got so many comments from all of you that were going, well, there's no point. It's going to
pass anyway. I don't even know why I should bother with this. Well, guess what? Chat control did not
happen because of so much public outcry. So please use that as a lesson and also a reminder that your
voice matters and everything you guys are doing really does make an impact. First, action one,
we need to understand the threat. This is pretty overall undiscussed and somewhat new,
and it's about to likely change in a few days, but we have a little bit of context now.
You understand the changes that's already above 95% of the population, so you're doing a great job.
So share this understanding with at least one person, with your network, with your representatives,
whoever. You can share this video, you can find other resources you liked or the ones that I have
in a description. Action number two is to follow the people who are really highlighting these issues
right now, which I would say seem to be the EDRI. They did some great coverage here, and they even
say to stay tuned for their official updates on November 19th. NOIB surely will as well. Of course,
links to these articles, which are on their websites, are linked in a description as well,
so please bookmark and follow them via RSS or wherever else you want to follow them to keep
up with that. Action item three, support these organizations when you can. They're doing some
amazing work. NOIB is right there. You can become a member. It's on the same article. And the EDRI,
you can also join as well and support them. Action item four, contact your representatives.
Search my MEP plus your country. So let's say France. Apparently brave search isn't very good
for European search terms. So here we go. And you can go ahead and directly contact them and tell
them the digital omnibus threatens fundamental rights. Please oppose it unless major changes
are made. Feel free to expand, get personal. If you write it in your native language and you write
to your local representative, that's probably the best thing that you can do. That is potentially
five minutes of your time with massive real world impact. I'm not exaggerating. They track email
volume on specific legislation, so that does influence votes. And action item five, document
and monitor everything that's going on. I will surely continue to make videos on this so you can
stay subscribed to Techlore. You can join our forum where we'll also have conversations about
this as well. You can follow some of these digital rights organizations on any social media platforms.
So just do your best to stay informed on any updates because there will surely be updates in
the coming weeks, days, and months. I did that in the wrong order. And of course, if you're outside
of Europe, all these action items still apply. You can still contact your representatives and say,
hey, I support this. I don't support this. If you're in Texas, you have a lot of work you should
be doing right now, if you haven't seen the coverage for Texas that I just made. And regardless,
what happens in the EU impacts everywhere else. The EU has set the standard for global privacy
regulation, which has inspired California to do the same, Brazil, India. And when the EU weakens
their laws, it's going to then weaken global laws and our approach to this. And it's a huge step
backwards. If Europe abandons this, the default becomes surveillance is legal, privacy is
negotiable, and we don't want to be in that situation. So to recap everything, the digital
omnibus releases November 19th. The resistance starts right now in your conversations, in your
networks, your pressure on representatives. Understand what's changing, share it around,
support the orgs I just talked about, contact your representatives, and stay engaged. Stay
subscribed for updates. You can join our forum down below as well. It's free to join, and please
share this around with someone who might see it. And if you want to support us here at Techlore,
You can support us via subscriptions on Stripe, Patreon, PayPal, here on YouTube even.
And you can also give us tips.
We also support Monero.
And if you want to check out some other cool Techlore content, I actually talk a lot about
encrypted services.
So if you're not really using many encrypted services, that's a great starting point.
And that's a great way to get into this space.
See you there.
And don't forget to get active.
Click on any text or timestamp to jump to that moment in the video
Share:
Most transcripts ready in under 5 seconds
One-Click Copy125+ LanguagesSearch ContentJump to Timestamps
Paste YouTube URL
Enter any YouTube video link to get the full transcript
Transcript Extraction Form
Most transcripts ready in under 5 seconds
Get Our Chrome Extension
Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.
