Civil Society and Industry Opposition to EU Digital Omnibus and Encryption Backdoor Proposals
A coalition of 127 civil society organizations and trade unions has voiced strong opposition to the European Union's proposed Digital Omnibus changes, warning that these reforms could significantly weaken existing data protection and privacy laws such as the GDPR. The proposed legislation is criticized for potentially reducing safeguards on personal data, including genetic and biometric information, and for making it easier to use such data in AI training and online tracking. The coalition also expressed concern over the lack of transparency and democratic oversight in the legislative process, urging the European Commission to maintain robust digital rights protections.
In parallel, more than 60 digital commerce and trade groups have called on governments worldwide to reject any efforts to weaken or bypass encryption, emphasizing that strong encryption is essential for user privacy, secure data protection, and trust in digital interactions. These groups argue that introducing backdoors or technical mandates for lawful access would undermine security for all users, outweighing any potential benefits for law enforcement. The letter comes amid ongoing debates in Europe and elsewhere about mandating access to encrypted data for criminal and national security investigations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Tech and trade groups push back on global encryption access plans
Industry and trade associations publicly opposed international proposals that would weaken encryption by requiring lawful access mechanisms. The response reflects a broader coalition effort against government-backed access mandates.
Proposed EU Digital Omnibus changes raise data protection concerns
Concerns were raised that proposed changes under the EU's Digital Omnibus package could undermine existing data protection safeguards. The development was reported as a policy threat to established EU privacy protections.
Civil society groups urge governments to reject encryption backdoors
Dozens of organizations called on governments to protect strong encryption and oppose mandates requiring exceptional access or backdoors. This marks the core public advocacy action described across the references.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Tech, trade groups push back on global encryption access plans
scworld.com
Open sourceEU data protection laws under threat from proposed Digital Omnibus changes
scworld.com
Open sourceDozens of groups call for governments to protect encryption
cyberscoop.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
German and EU Civil Society Warn Against Weakened AI Surveillance and Safety Rules
Civil society groups in Germany, including Amnesty International and the Chaos Computer Club, urged the government to withdraw draft laws that would expand digital policing powers through **biometric internet searches** and automated analysis of large police datasets using systems such as **Palantir**. Critics said the proposals from the justice and interior ministries lack judicial oversight, transparency, documentation requirements, and clear limits on data scope and analytical methods, creating risks of mass surveillance, discriminatory profiling, and intrusive scrutiny of victims, witnesses, and uninvolved people. Germany’s independent data protection authorities also concluded that the measures, as drafted, are incompatible with constitutional requirements and could effectively sidestep the EU AI Act’s ban on mass facial-image processing into biometric databases. At the EU level, a coalition led by **BEUC** and 31 other organizations warned that the proposed **AI Omnibus** could dilute safeguards by exempting sectors such as medical devices, radio equipment, toys, and machinery from the AI regulation’s direct scope. The groups argued that existing sector-specific product rules do not address AI-specific harms including discrimination, opacity, and the evolving behavior of AI systems, and said the change would create regulatory gaps, fragmentation, and legal uncertainty rather than simplification. They warned that weakening the framework would undermine consumer protection, fundamental rights, and trust in European AI governance as trilogue negotiations continue.
May 5, 2026
EU Digital Omnibus Proposal to Weaken GDPR Protections for AI and Cookie Tracking
The European Commission is preparing to introduce the "Digital Omnibus" legislative package, which includes significant amendments to the General Data Protection Regulation (GDPR) and related digital privacy laws. Leaked drafts of the proposal reveal changes that privacy advocates argue would create major loopholes, particularly by relaxing rules on pseudonymized data and shifting cookie regulation from the ePrivacy Directive to the GDPR. Critics, including Max Schrems and privacy groups like Noyb, warn that these reforms would undermine existing privacy protections, making it easier for companies—especially large tech and advertising firms—to exploit personal data for commercial purposes. The proposed amendments would also allow broader processing of cookie-derived data under a "closed list of low-risk purposes" or other legal bases, moving away from the current strict opt-in requirements. Privacy experts contend that these changes could violate European Court of Justice rulings and the EU Charter of Fundamental Rights, representing the most significant attack on European privacy since the GDPR's inception. The official unveiling of the Digital Omnibus package is expected on November 19, 2025, and the reforms have sparked strong opposition from privacy advocates who believe the legislative process is being rushed and lacks proper oversight, potentially eroding the rights of EU citizens in favor of industry interests.
Mar 21, 2026
EU Digital Omnibus Proposals Face Privacy Watchdog Backlash Over GDPR Changes
European privacy watchdogs and digital rights advocates are pushing back against the European Commission’s proposed **“Digital Omnibus”** package, arguing that amendments billed as regulatory “streamlining” could **weaken EU privacy protections** and erode fundamental rights. Reported concerns focus on proposed changes to the **GDPR**, including narrowing the definition of **personal data** so that not all data that could potentially be linked to an identifiable person would qualify, alongside other adjustments intended to reduce compliance friction (e.g., reducing cookie banner requirements in some cases and simplifying multi-law breach notification processes). Separately, UK officials told Parliament that **legacy IT** is impeding implementation of technical controls meant to prevent repeats of the Ministry of Defence’s highly sensitive Afghan data exposure, where roughly **19,000** resettlement applicants’ details were compromised via a **CC instead of BCC** email error. The government’s Information Security Review recommended shifting cross-government information sharing away from email/attachments and toward source-based sharing, but ministers and the chief data officer cited departmental system fragmentation as a barrier to rolling out attachment-blocking and safer data-transfer mechanisms at scale.
Mar 21, 2026