Europe is scaling back GDPR and relaxing AI laws

Original Article ↗ Hacker News Discussion ↗

Perceived rollback of GDPR & privacy risks

  • Many see allowing broader use of “anonymized” and pseudonymized data, especially for AI training, as effectively gutting privacy, arguing large datasets can usually be re‑identified.
  • Several commenters call this a clear win for adtech and US Big Tech, and a loss for EU citizens and small EU firms.
  • Others insist there is “no U‑turn,” claiming GDPR’s core remains intact and the article overstates the change.

Cookie banners, tracking, and consent mechanisms

  • Long debate over cookie banners: some welcome their reduction and browser‑level controls, others stress banners were never legally required for essential or purely technical cookies.
  • Many argue the banners are a product of malicious compliance and dark patterns: “accept all” is one click, while “reject all” is hidden behind complex flows; some sites gate content behind “accept or pay.”
  • Technical commenters note law targets tracking and data sharing, not cookies per se, and that first‑party, non‑identifying analytics can avoid banners entirely.
  • Strong support for standardized browser/OS signals (Do Not Track, Global Privacy Control, “kid mode”) that must be honored by law, to replace site‑by‑site dialogs.

Enforcement vs design of laws

  • A major theme: regulation isn’t the problem, non‑enforcement is. Authorities rarely fine dark‑pattern CMPs or government sites that misuse banners, so abusive practices became the de facto norm.
  • Others counter that vague, “intent‑based” GDPR rules plus thousands of pages of related tech law make compliance costly and uncertain, especially for small actors and volunteers.

Impact on startups and EU competitiveness

  • Some founders say GDPR/AI rules deter investment and make EU startups avoid data‑heavy products or EU customers; legal review, DPA negotiations, and cross‑border data rules are seen as real friction.
  • Others respond that if your model depends on intrusive PII exploitation, it should be hard; they blame undercapitalization, conservative investors, and fragmented markets more than GDPR for the lack of EU giants.

AI, sectoral rules, and “smart” regulation

  • Healthcare AI practitioners worry that softening the AI Act and tying it to shifting technical standards will reduce patient safety and replace clear, high bars with ambiguity.
  • Some commenters want “smarter rules”: strong bans on targeted tracking ads, clear safe‑harbors for small actors, and precise, enforceable standards rather than broad rollbacks.