A leaked Commission draft for a so-called “Digital Omnibus” would undermine core GDPR protections under the guise of “simplification.” It would narrow the scope of what constitutes personal data, curtail data-subject rights, create AI-specific carve-outs (even for sensitive data), and relax device-level protections currently anchored in the ePrivacy regime. If