Presented as a "simplification," the 156-page Digital Omnibus project rewrites the foundations of the GDPR with major implications for data governance and AI. Its most decisive amendment concerns Article 9 on sensitive data: by restricting protection to data that "directly reveals" a pathology, the text downgrades all indirect indicators (mobility, heart rate, sleep patterns, behavioral stress) to the less protective general regime.

This reclassification is strategic because these weak signals precisely feed predictive health profiling and AI model training without consent. The document also extends legitimate interest (Article 6) to optimization, anomaly detection, and AI model improvement, making consent less central for many uses.

Fundamental individual rights (access, rectification, erasure) would be restricted by a "manifestly excessive" criterion with no clear definition, giving companies more latitude to refuse citizen requests. On governance, ENISA (the cybersecurity agency) would inherit powers previously exercised by national data protection authorities, centralizing legal interpretation toward a technical institution and reducing local nuance.

This project responds contextually to American criticism and pressure from tech giants. It symbolizes a quiet abandonment of the European distinctiveness that placed fundamental rights at the center of digital regulation, in favor of competitive alignment. The winners are clearly identified: major tech platforms, generative AI players, and industrial states seeking to lighten regulatory constraints.

The losers are numerous: citizens whose rights become contestable, SMEs facing an unclear legal framework, DPOs (data protection officers) with weakened mandates, and national authorities stripped of their powers.

According to Max Schrems and other data protection experts, this revision represents "death by a thousand cuts": each isolated amendment appears technical and minor, but cumulatively they erode the protective spirit of the GDPR without media noise or public debate.

The political question extends beyond the text itself: does Europe choose to maintain its position as protector of fundamental digital rights, or align with the American model of maximal data exploitation? For AI4Data and AI governance, these changes are critical: they weaken the European framework that was precisely the differentiator and the trust-based competitive advantage.