GDPR Erosion: Federal Council Heavily Criticizes EU Digital Omnibus

Summary

On Friday, the Federal Council criticized the EU Commission's draft Digital Omnibus Regulation. The legislative package is intended to simplify network policy regulations and promote innovation. However, the chamber of states warns of unintended consequences: the planned change to the GDPR definition of personal data could lead to more legal uncertainty, not less. The Federal Council views new requirements for autonomous driving, AI use in law enforcement, and consumer protection as particularly problematic.

Persons

• Stefan Krempl (Author)

Topics

• Data Protection (GDPR)
• EU Regulation
• Artificial Intelligence
• Autonomous Driving
• Consumer Protection

Clarus Lead

The Federal Council signals resistance to a central EU regulatory project that is supposed to promise deregulation. The warning hits a core conflict: simplified rules without clear definition lead to more legal uncertainty, not less – an irony that European lawmakers frequently underestimate. For innovative sectors such as the automotive industry and security authorities, the package could actually brake innovation if practical requirements (e.g., consent from millions of pedestrians) cannot be met. Pressure on the EU Commission is mounting to fundamentally revise the initiative.

Detailed Summary

The Federal Council identifies a structural problem in its two statements: the planned redefinition of personal data in the GDPR shifts the standard from objective criteria to subjective characteristics of the processing entity. Specifically, pseudonymization is emphasized more strongly. In multi-stage processes, this vagueness means it remains unclear who falls under the strict GDPR rules – a legal uncertainty that moves companies toward withdrawal from data-driven business models rather than toward more innovation.

A second point of criticism concerns autonomous driving and AI. The automotive industry requires gigantic quantities of image and video data from real road traffic to develop assistance systems (emergency braking, lane-keeping assistants) and autonomous systems. The current regulatory text requires consent from every captured pedestrian – factually impossible. The Federal Council warns: without this training data, autonomous systems cannot reliably recognize vulnerable groups (children, people with disabilities). The safety level decreases for all road users. The states are calling for a legally clear regulation that also covers conventional assistance systems.

In the criminal prosecution sector, the Federal Council criticizes new documentation and proof obligations for high-risk AI systems. The bureaucratic burden could hamper the use of AI in police work – while authorities are already subject to parliamentary and judicial oversight. The states are calling for expanded exemption provisions and a balance between rule of law and operational efficiency.

On consumer protection, the Federal Council criticizes a lack of manufacturer and provider responsibility. It is not enough to burden end users or small and medium-sized enterprises with complex data protection settings. Digital services must be data protection compliant from the outset (Privacy by Design).

Key Statements

• The Federal Council warns of legal uncertainty caused by the planned redefinition of personal data in the GDPR.
• Consent requirements for autonomous driving are practically impossible and endanger traffic safety.
• New bureaucracy for AI in police work could block innovation without improving fundamental rights protection.
• Manufacturers, not end users, should be responsible for data protection-compliant standard solutions.

Critical Questions

1. Evidence: On what data basis does the Federal Council quantify the "gigantic quantities" of video training data required for autonomous driving? Do studies exist on the minimum data size?

2. Conflicts of Interest: Are the states speaking primarily in the interest of the automotive industry and security authorities, or is an independent analysis available? How is the Federal Council's position financed?

3. Alternatives: Could synthetic training data, consent at vehicle purchase, or anonymized aggregations solve the consent problem?

4. Practical Feasibility: How concrete is the "legally clear regulation" for image capture that the Federal Council demands? Where are drafts?

5. Causality: Do subjective definitions really lead to more legal uncertainty, or could plain-language guidance from the Commission solve the problem?

6. Side Effects: Could expanded exemptions for police AI lead to less transparency and more loss of control?

7. Data Quality: Is the warning about unmanageable bureaucracy based on pilot projects, or is it speculative?

8. Implementation Risks: Who ensures that manufacturers actually comply with "Privacy by Design" if the user does not verify?

Sources

Primary Source: Digital Omnibus Regulation: Federal Council Warns of GDPR Chaos and AI Full Stop – https://www.heise.de/news/Digital-Omnibus-Bundesrat-warnt-vor-DSGVO-Chaos-und-KI-Vollbremsung-11228759.html

Verification Status: ✓ Heise News / Federal Council Statements from Friday (exact date from source)

This text was created with the support of an AI model. Editorial Responsibility: clarus.news | Fact-Checking: Stefan Krempl / Heise News