127 comments

[ 2.8 ms ] story [ 60.9 ms ] thread
> The changes, proposed by the European Commission, the bloc’s executive branch, changes core elements of the GDPR, making it easier for companies to share anonymized and pseudonymized personal datasets. They would allow AI companies to legally use personal data to train AI models, so long as that training complies with other GDPR requirements.

Put together and those two basically undo the entire concept of privacy as it’s trivially easy to target someone from a large enough “anonymous” set (there is no anonymous data, there only exists data that’s not labeled with an ID yet)

> One change that’s likely to please almost everyone is a reduction in Europe’s ubiquitous cookie banners and pop-ups. Under the new proposal, some “non-risk” cookies won’t trigger pop-ups at all, and users would be able to control others from central browser controls that apply to websites broadly.

Finally!

> The EU folds under Big Tech’s pressure.

This is a very odd framing, because the actual reason from quotes in the article is that the EU is acutely feeling the pain of having no big tech companies, due in part to burdensome privacy regulations.

The pressure isn't really from big tech, it's from feeling poor and setting themselves up as irrelevant consumers of an economy permeated by AI.

I used to live and work in EU, get out of EU before it is too late.
the consequences of their laws is pushing their hands
Incredible to see the 180 both from EU and also from the HN sentiment. HN was cheering on as EU went after Big Tech companies, especially Meta. Meta is no perfect company, but the amount of 'please stick it to them' was strong (I reckon that is still a bridge too far for a lot of folks here).

Even extreme proponents of big tech villanery in the US (Lina Khan's FTC) is also facing losses (They just lost their monumental case against Meta yesterday).

What I really want to see is Meta getting irrelevant ON MERIT. People stop using Meta products, and then I want to see it die. But not by forcing the hand - that's bad for everyone, especially the enterpreuer / hacker types on this site

The thing is that it didn't work for that objective. It didn't seem to have any meaningful impact on all on the Metas and Googles out there. They control the user base and people depend on their products, it was trivial for them to get full consent like they've always done with their Terms & Conditions.

At the same time, it was a heavy burden for data-oriented EU startups like mine. I've spent a few hundred hours dealing with GDPR, it felt like it was designed to stick it to the big companies without any thought on how it would affect the rest.

And it's been a low-level but ever present friction for users.

so what it like working at meta?
> What I really want to see is Meta getting irrelevant ON MERIT.

Me too. But losing on merit requires an (at least somewhat) fair marketplace.

How about this as a privacy law: if you collect data about people without their EXPLICIT permission[1] you can be charged with digital stalking. Same principle as stalking; escalating penalties for repeat offenses and for doing so in bulk or en masse.

EDIT: And you cannot share information gained by permitted collection unless EXPLICIT permission to share is granted.

[1] Eg: it's not sufficient to disclose this in equivocal text buried in 25k lines of EULA text.

Does anyone have a link to the proposal, preferably on the EU website?

I'd like to see for myself, as I don't consider moving the consent method from the webpage to the browser settings "watering down" — it's the opposite.

About time. Startups and innovative business simply cannot get investment when there's the constant risk of a new AI Act massively increasing compliance and legal costs.

But it's not enough - they need to completely repeal the DSA, AI Act, ePrivacy Directive, and Cybersecurity Act at least. And also focus on unifying the environment throughout the EU - no more exit taxes, no need for notaries and in-person verbal agreements, etc.

There's just so much red tape and bureaucracy it's incredible. You can't hire or pay payroll taxes across the EU (without the hire relocating) - that's a huge disadvantage compared to the USA before you even get into the different language requirements.

> users would be able to control others from central browser controls that apply to websites broadly.

Great to see this finally. It’s obviously the way it should have been implemented from the beginning.

We still see this technically myopic approach with things like age verification; it’s insane to ask websites to collect Gov ID to age verify kids (or prove adulthood for porn), rather than having an OS feature that can do so in a privacy-preserving way. Now these sites have a copy of your ID! You know they are going to get hacked and leak it!

(Parents should opt their kids phones into “kid mode” and this would block age-sensitive content. The law just needs to mandate that this mode is respected by sites/apps.)

> Great to see this finally. It’s obviously the way it should have been implemented from the beginning.

It was on its way to get implemented and then Microsoft enabled it by default in IE10, so not making it the choice of a human, and ruined it for everyone.

Poor Europe - lobbyists make sure that Europe stays weak.

That statement includes Ursula by the way.

Companies made cookie banners as obnoxious as possible, because they knew that by making people hate the banners, the population would turn against the GDRP
Yet again, European countries are showing who their leaders are: US Big Tech

No wonder we default to Google Chrome on Microsoft/Apple systems, and American social platforms, to debate issues affecting EU citizens

(comment deleted)
EU introduces Chat Control, then scales back GDPR, what's left? Digital ID and digital currency (with no possibility of paying by cash)?
Don't forget ProtectEU in 2026 - mandatory backdoors to devices.
That's a pity, the government fails to capitalize on its own policies because they fail to set up long term investment. First environmental and e-Mobility and now AI.

Sure, there's way too much bureaucracy. But I see there things like taxes, regulations about the cucumber radius etc.

This is such an important change for Europe. I've worked with 100+ start-ups as a consultant, and I've talked to EU ones who have been strangled by some of the regulations.
Is EU suffering from FOMO?

As an EU citizen, this is shameful and even kind of pathetic to read.

Will we start outsourcing all our IT needs to USA again?

Good, GDPR is useless for the consumer as 99% of the people click "Accept everything". It's only a few of us who care about this kind of thing and we shouldn't have policy made for the 1%.

I hope the changes they implement will actually benefit small startups instead of relaxing regulations for large data hoarders.

The news feels bittersweet. With 10+ of experience in healthcare AI, I have seen enough shitty products to genuinely welcome strict regulation for critical sectors; however, this shift threatens to dilute the sense of urgency that was growing in the sector.

We recently built a platform specifically to navigate the complex intersection of MDR (Medical Device Regulation) and the AI Act, relying on the pressure of hard deadlines. By introducing flexible timelines linked to technical standards, the EU risks signaling that compliance is a secondary concern, potentially stalling the momentum... and at this point patient safety is my biggest concern, not our platform

This introduces chaos rather than relief. Companies do not need lower standards; they need clarity.

We can compete effectively against high standards as long as the rules are clear. EU AI Act was clear. This proposal substitutes the certainty of a high bar with the confusion of a sliding scale, which may hinder the industry more than it helps :/