Okay… From my understanding of the article, they are revising a previous definition of what is considered pseudoanonymized data. This defintion was introduced following a court ruling that pseudonymized data can be considered personal data under certain circumstances (Which I’m assuming means if that pseudoanonymized data still contains identifiable information)
They are removing a section which was added in last November, following the court ruling in September. This section claimed that pseudoanonymized data does not count as personal data, even if it contains “Information relating to a natural person” by which other people could identify the person.
So, if I’m understanding this correctly, this is rolling back a previous weakening to the GDPR.
… won’t that be caught by the courts again? Do they play a game to get as many personal data as they can get till it comes back into effect?
The courts ruled in September 2025 that pseudoanonymized data can still count as personal data, if it is not sufficiently anonymized, under the definition as it existed at the time. Since personal data comes with a whole bunch of requirements under the GDPR that meant that even if data is pseudoanonymized, it might not be sufficient to be free of GDPR restrictions
The revision from November 2025 aimed to say “no actually pseudoanonymized data is not personal data after all” even if it contained identifiable information. I could see that introducing a loophole where companies start claiming that they “sufficiently” pseudoanonymized their data, even though it’s still full of identifiable information.
Scrapping that revision just brings us back to the position we were in back in September, where pseudoanonymized data is not automatically anonymous. If the pseudoanonymized data contains identifiable information it is personal information, and thus comes with the additional requirements of the GDPR. (If I’m understanding this correctly)
Edit: Also worth noting that this follows a recommendation by the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS), that the definition of personal data “should say what personal data is, instead of what it is not”, in order to avoid legal uncertainty resulting from the revision in November.
Well, that’s probably a good thing. We’re still watching closely.
Anyone else have trouble reading that headline? Title gore if you ask me.
It’s how they plan to collect our data after the massive pushback so far against chat control. They’re trying to break GDPR and at the moment they are just performing weak spot exploitation.
Have you read the article? They appear to be rolling back a previous weakening, so it is the exact opposite of breaking the GDPR.
In November they tried to classify pseudoanonymised data as not being considered personal information, even if it still contained information by which someone could be identified. This was following a court ruling in September that pseudoanonymised data could be considered personal information in certain situations.
This proposal would roll back that change from November
Have you read the article? Why would they need to rollback to a previous ruling in the first place?
I’ll leave that one with you and expect to hear the loud clang when the penny drops.
- Hint: look up weak spot exploitation.
deleted by creator
The EU commission are being heavily lobbied by the big tech, as they already have the sway that they need in the US.
https://www.nytimes.com/2025/11/17/technology/europe-big-tech.html
Whether or not that’s the main reason that there has been a change in the wind for many politicians about our privacy and data, or whether or not they have seen other monetary gains from it is unknown. But there are many, many articles covering the lobbying and the push against GDPR etc.
Sorry I actually deleted my comment almost straight away after posting it because ironically, I found that actually, I had misread your comment, but apparently it still made its way to you.
What pushback against chat control? You mean all the comments on lemmy?
Lemmy barely scratches the surface. Most people don’t even know it exists.
What other push back was there? I didn’t see it mentioned anywhere in mainstream media. I didn’t hear about any protests. Why are they capitulating on chat control?
The digital rights movement itself was enormous throughout the campaign, but these were all big players too.
