DOT Europe presents a legal assessment on article 9 of the GDPR under the Digital Omnibus

Brussels, 24 March 2026 – DOT Europe, the voice of the leading internet companies in Europe, presented a legal assessment on Article 9 of the GDPR (processing special categories of personal data) under the Digital Omnibus. The Digital Omnibus represents an opportunity to strengthen Europe’s competitiveness in the global digital economy, particularly on AI.

European Union flags

“We welcome the derogation enabling residual processing of special categories of data to train AI models,” said Benjamin Brake, Director General at DOT Europe. “However, the Digital Omnibus does not properly address two central issues: training AI models is impossible without including personal data of public figures, and the full deletion of special categories of data after collection is not always technically feasible.”

Benjamin Brake, Director General at DOT Europe

Bridging Legal Clarity and Innovation: Rethinking GDPR Application for AI

The legal assessment argues that, when appropriately applying existing CJEU case law, the GDPR can already address the issues the proposed amendments seek to address. As currently drafted, the Digital Omnibus’s amendments do not resolve the legal uncertainty around the lawfulness of processing special categories of data and criminal data of public persons — both essential for training AI models.

Rethinking Safeguards for Practical AI Compliance

DOT Europe also finds that the current amendment is unnecessarily strict in prescribing a fixed sequence of safeguards. Instead, safeguards should focus on continuous, lifecycle-based risk mitigation, in line with the AI Act.

Enabling Proportionate, Innovation-Friendly AI Regulation

To deliver on its ambitions, the Omnibus should not only simplify existing rules but also ensure they are technically feasible and innovation friendly. A more proportionate, risk-based approach would better support trustworthy AI.