According to MacRumors, the European Commission announced a new digital package today that relaxes certain GDPR rules implemented since 2018. The changes include modernizing cookie requirements to reduce pop-up agreements, allowing users to indicate consent with a single click. Browser and operating system settings will save these preferences centrally, eliminating site-by-site consent. The proposal also permits personal data use for AI training without express consent, simplifies cybersecurity reporting, and delays parts of the Artificial Intelligence Act implementation timeline. Critics from European Digital Rights argue these changes risk dismantling human rights foundations in EU tech policy.
The cookie revolution we’ve been waiting for
Here’s the thing – we’ve all been trained to just click “accept all” to make those annoying pop-ups disappear. It’s basically privacy theater at this point. The idea that your browser could just tell every website “this user accepts analytics cookies but rejects advertising trackers” is actually brilliant. But I wonder – will browser makers actually implement this properly? And will websites respect these settings?
Think about the scale of this change. Every single website that Europeans visit would theoretically stop showing those consent banners. That’s thousands of pop-ups avoided daily for millions of users. The efficiency gain alone is massive.
The bigger privacy trade-off
Now, here’s where it gets interesting. While they’re making cookies less annoying, they’re also relaxing rules around AI training data. The proposal allows using personal data to train AI without explicit consent. So on one hand, you get fewer pop-ups. On the other, your data might be feeding AI models without you specifically agreeing to it.
Critics have a point here. European Digital Rights calls this a “major rollback” of protections, and they’re not wrong to be concerned. The EDRi analysis suggests this could undermine the very foundation of EU digital rights. It’s a classic regulatory compromise – give users convenience in exchange for broader data usage permissions.
What happens now?
The European Commission’s full proposal outlines a pretty comprehensive digital strategy update. The delayed AI Act implementation gives companies more breathing room, which many businesses will appreciate. But the cookie changes are what most people will notice immediately.
So when can we expect this? That’s the million-dollar question. Browser updates don’t happen overnight, and website compliance will take time too. But honestly, this feels like a step in the right direction for user experience. The current system is broken – maybe this balanced approach actually makes sense?
