Your Sensitive Data for AI Training? This New EU Law Says YES! How To Keep Control Of Your Data Despite This
The EU Digital Omnibus law could massively weaken data protection as we know it. Learn what's coming for you and what steps you should take now.
The EU Commission has just quietly prepared one of the biggest attacks on your data protection – and most people have no idea.
In November 2025, the so-called “Digital Omnibus” was presented – a legislative package that, under the guise of “reducing bureaucracy,” aims to massively weaken the General Data Protection Regulation (GDPR). What does this mean for you? Your most private data could soon be legally misused for AI training – without even asking you.
What Is the Digital Omnibus Law?
The “Digital Omnibus” is a comprehensive EU legislative package aimed at simplifying existing digital regulations. It covers four main areas: data protection, data use, cybersecurity, and AI regulation.
Sounds harmless? It’s not.
Behind the technocratic goal of “simplification” lies a disturbing tendency: central protective mechanisms of the GDPR are to be weakened, obligations for companies loosened, and new loopholes created for the processing of personal data – particularly in favor of AI training purposes.
The 3 Horror Scenarios Coming for You
Horror Scenario #1: Your Data for AI Training – Without Your Consent
The use of personal data for training AI systems should now be permitted on the basis of legitimate interest, without requiring the explicit consent of the affected individuals.
What does this mean concretely?
Imagine: You chat with ChatGPT about your health problems, career plans, or personal relationship crises. Until now, companies needed your consent to use this data for AI training – even if that “consent” was often just a quickly clicked banner or a notice like “Your chats may be read by reviewers” that most users ignore.
If the law is implemented? Even this minimal form of warning or consent disappears completely. Companies can simply say: “We have a legitimate interest in improving our AI” – and your most private thoughts end up in the training dataset. No warning. No banner. No way to object before it happens.
The document states: “This would be the case, for example, if processing personal data is necessary to detect and remove bias, or if processing personal data aims to use accurate and safe outputs for a beneficial purpose.”
Sounds good? This is pure window dressing. Practically ANY company can claim it must process your data to improve its AI – and you won’t even know about it anymore.
Horror Scenario #2: Pseudonymized Data = Fair Game
The definition of pseudonymized data should be narrower. This would reduce the scope of protection for personal information, making it easier for companies to use such data.
What does this mean for you?
Pseudonymized data is data where your name has been replaced by an ID – like “User_12345” instead of “John Doe.” Until now, this data was still considered worthy of protection.
If the law comes? Once your data is pseudonymized, it practically no longer counts as “personal.” This means:
- Companies can use it freely
- Cookies and advertising IDs no longer fall under GDPR protection
- Your browsing behavior, your purchases, your interests – everything can be legally tracked and sold
The EU is thus practically paving the way for mass tracking and profiling – completely legally.
Horror Scenario #3: Sensitive Data No Longer “Sensitive”
Article 9 GDPR should be revised. In the future, only information that directly reveals sensitive characteristics – such as health, political opinion, or sexual orientation – would be particularly protected. Derived sensitivities or those only inferred through complex intellectual processes would fall under general GDPR rules.
This is where it gets really scary.
Until now, certain data was specially protected:
- Health data
- Political beliefs
- Sexual orientation
- Religious views
With the new law? Only if you explicitly say “I am homosexual” or “I have diabetes” does this information fall under special protection. If an AI deduces from your Instagram likes, your Google searches, or your shopping habits that you’re probably queer or have health problems – NO special protection anymore.
This is a green light for:
- Insurance companies that secretly discriminate against you
- Employers who reject you based on derived health data
- Advertising companies that exploit your most intimate weaknesses
Cookie Banners Disappear – But Not How You Think
Setting and reading non-necessary cookies should no longer require active consent. Website operators could invoke legitimate interest. Users would then only have the option to object to this processing.
The EU is selling this as “simplification” – no more annoying cookie banners!
The reality? Tracking companies and data brokers can then monitor you BY DEFAULT. You must then object afterwards (if you even notice you’re being tracked).
This is like allowing burglars to break into your house – and you can only throw them out afterwards, if you catch them.
”But This Is Good for Innovation and the Economy!”
Wrong.
Data protection organization noyb takes the position that the EU could destroy nothing less than the fundamental principles of the GDPR with its digital omnibus. Many elements of the proposed reform clearly violate ECJ case law, European conventions, and the European Charter of Fundamental Rights.
Paul Nemitz, former EU Commission director, writes that from GDPR “nothing will remain” and that people, with their entire lives and thoughts, will become “food for huge, profit-oriented AI systems.”
The truth: The law doesn’t help European startups. It helps Big Tech – Google, Meta, OpenAI – make their data collection machines even more efficient, while your fundamental rights are left behind.
What Can You Do NOW About It?
1. Use AI Tools That Respect Your Data
Not all AI assistants are equal. While ChatGPT, Gemini & Co. use your data by default for training (and can use it even more freely with the new law), there are alternatives that take privacy seriously.
Look for AI tools that:
✅ Don’t use data for training – never, under any circumstances
✅ Encrypt your conversations – not simple plain-text storage
✅ Don’t store logs – your conversations must be completely deletable immediately and without retention periods
🔒 Using privacy-friendly AI is the best defense against these laws. If your data is encrypted and never used for training, companies can’t misuse it even with the new Omnibus law.
Whether the law passes or not – with the right tools, you’re always on the safe side.
2. Inform Yourself and Others
Share this article. Most people don’t know what’s happening. The more people who are informed, the greater the awareness of real data protection alternatives.
Talk with:
- Family and friends about the risks
- Colleagues about safe AI alternatives
- Your circle about the importance of data protection
The best defense against surveillance is an informed network of people using better tools.
The Clock Is Ticking
After the publication of the proposals in November 2025, the EU Parliament and the Council of Member States will present their own positions on the legislative package. The process takes months – but once the law is passed, there’s no turning back.
Now is the time to act.
Use privacy-friendly AI tools like CamoCopy. Inform others. Protect your data proactively.
Your privacy is not a luxury. It’s a fundamental right. And the only way to protect this fundamental right is to use tools that don’t just promise data protection – but technically guarantee it.
🔐 Protect yourself today: Switch to AI assistants like CamoCopy, which never use your data for training, offer encrypted conversations, and give you full control. Because one thing is certain: With or without the Digital Omnibus law – at the big tech giants, data protection will never be a priority. Be smarter. Choose alternatives that really protect you.
Test the best privacy-friendly ChatGPT alternative here for free.
