Bruxelles, by Nicola Bernardi – If in 2018 the European Union took pride in having introduced a regulation like the General Data Protection Regulation (GDPR) with the aim of creating a single legal framework for data protection, uniform across all Member States, the wind now seems to be blowing in the opposite direction. Precisely at a time when artificial intelligence is becoming increasingly invasive in people’s private lives, the EU Commission has paradoxically launched a reform that – while claiming the good intention of simplifying compliance requirements for businesses – seems destined to significantly reduce safeguards for citizens as well.
Last November, the EU Commission presented the “Digital Omnibus”, a legislative proposal that significantly narrows the application of the GDPR and gives digital companies the green light to use all personal data published by users on social networks and online platforms to train their AI algorithms. And even though the approval of the new Artificial Intelligence Act seemed to mirror the previous ambitions of the GDPR, the European Union now intends to postpone its application to August 2027 to ease the burden on businesses – though in reality, the beneficiaries will primarily be Big Tech and U.S. multinationals.
But apparently, the simplifications of the GDPR are neither an isolated case nor a coincidence among the factors contributing to the progressive erosion of privacy in Europe. It seems evident who is pulling the strings behind the scenes.
Ursula von der Leyen’s declarations last spring turned out to be a flash in the pan; she had stated that “the EU is ready to strike U.S. Big Tech doing business in Europe”, only to immediately rush to roll out the red carpet for American giants after Donald Trump threatened to “impose tariffs and restrictions on countries whose taxes and legislation target large U.S. tech companies”.
If the EU’s U-turn on data protection clearly seems to bear the American president’s signature, there is also a whole series of other circumstances that – more or less subtly – are contributing to weakening the effectiveness of European institutions and the rights people have relied on until now.
Considering that the seat of the European Data Protection Supervisor (EDPS) is currently occupied by Wojciech Wiewiórowski, left in limbo since his five-year mandate expired on 5 December 2024 with the European Union failing both to appoint a successor and to provide any explanation.
In Ireland, where most U.S. multinationals are headquartered, in September 2025 the choice for Data Protection Commissioner fell on Niamh Sweeney, a former Meta lobbyist. Mr. Max Schrems, lawyer and founder of the activist organization noyb (None of Your Business), commented on the appointment stating: “The United States demands that European countries publicly bow before U.S. Big Tech”. Meanwhile, in Italy, a storm is raging over the national Data Protection Authority, fueled by a journalistic investigation by the TV program Report, which levelled a series of accusations against the members of the Authority’s Board, undermining its credibility and sparking a heated political debate in which there have even been calls for its complete dissolution.
Across the old continent, there are also inexplicable and drastic cuts to the budgets of supervisory authorities, such as the one ordered by the Austrian federal government to the detriment of the Österreichische Datenschutzbehörde (DSB), which will thus be forced to downsize its staff in 2026.
Most notably, according to reports by GDPR Enforcement Tracker, unlike in the past, none of the more than 300 fines issued by European authorities in 2025 – totalling over €1 billion -targeted a U.S. Big Tech company. The only major -fine for violation of the EU Regulation inflicted on a tech giant was the €530 million fine issued by the Irish authority against the Chinese company TikTok. While on the other hand, it is curious that the French authority (CNIL), in fining Google €325 million, did not apply the rules of the GDPR, but rather those of its own national law dating back to 1978.
Obviously, we cannot prove that behind every situation obstructing the proper functioning of mechanisms regulating European data protection there is the covert orchestration of the Trump administration. But the fact remains that everything is working in favour of American tech giants. And if the theory attributed to writer Agatha Christie is consistent – that “one clue is just a clue, two clues are a coincidence, but three clues are a proof” – there are good reasons to suspect that it is not merely the European Union seeking compromises to gain the USA’s blessing, but rather that there is an outright sabotage underway aimed at annihilating all previous EU ambitions regarding data protection. And if that is the case, the shadow of a potential “Great Reset” of European privacy would be looming.
Nicola Bernardi, President of Federprivacy
President of Federprivacy since 2008, Labour Consultant and Journalist. TÜV Italia-certified Privacy Officer. He is Of Counsel at the law firm ICT Legal Consulting. he has authored and edited various books on the subject and written for prominent publications, including Nòva Il Sole 24 Ore, Forbes Italia, Wired, Il Corriere delle Comunicazioni, Privacy News, and Federprivacy’s quarterly magazine, where he has also served as Editor-in-Chief since 2012.
English version by the Translation Service of Withub![Jamieson Greer, Howard Lutnick, Lars Rasmussen, Maros Sefcovic [Credits: Council of the EU]](https://www.eunews.it/wp-content/uploads/2025/11/d6e5c35f-e88e-4cb1-a7d5-26849ad67502-350x250.jpg)
