Eurobloat #0187 • November 2025
November gave us the project at its two extremes: reaching, yet again, for the power to scan everyone's private messages, while in the same breath beginning to dismantle some of the digital rules it had spent a decade insisting were untouchable.
Folly of the Month: scanning your messages, checking your papers
On 26 November the Council reached a political agreement on the long-running "Chat Control" plan, by a close and divided vote, with the scope now stretched to cover text messages and videos. Bundled in is mandatory age verification before you may download a messaging app, a game with a chat function, or certain social platforms. A continent that claims to prize freedom now proposes to read its citizens' private conversations and demand their identity documents before they are allowed to say hello. This is not safety; it is surveillance with a child-protection sticker on the front, and it is the single worst idea Brussels entertained all month.
1. Papers, please, to send a message
The same plan would force you to prove your age before downloading the apps you use to talk to your friends. The right to a private word, once taken for granted, is being turned into a privilege granted on production of ID.
2. To its credit, the digital rulebook starts to shrink
On 19 November the Commission unveiled the Digital Omnibus to ease rules across the GDPR, the AI Act and the Data Act. Cutting this burden is genuinely welcome; the only puzzle is why Brussels spent ten years building monuments it now quietly chips away, while never quite admitting the monuments were a mistake.
3. The AI Act clock, mercifully, stopped
The package "stops the clock" on the AI Act's high-risk obligations. Delaying a law that threatened to smother European innovation is the right call; the embarrassment is that Brussels paraded the thing as world-leading before discovering it could not bear to switch it on.
4. The GDPR, gently deflated
The rewrite narrows the definition of personal data, trimming a regime that had grown into a compliance industry of its own. A sensible lightening of the load, and a tacit admission that the original was heavier than anyone needed.
5. Even the Ombudsman says they cut corners
The European Ombudsman found that the Commission had rushed its packages through under claims of urgency, without proper impact assessments and with civil society shut out. When your own watchdog says you skipped the homework, you skipped the homework, whatever the merits of the result.
6. A new law to handle complaints about the laws
On 17 November the Council adopted rules to speed up cross-border data-protection complaints. The bureaucracy now includes bureaucracy for processing grievances about the bureaucracy.
7. The lawyers start mapping the exits
Firms began publishing guides on the legal grounds for challenging EU overreach against companies based outside the Union. When the advice industry quietly draws the escape routes, the rules have plainly gone too far.
8. Three landmark laws, reopened in one bundle
The GDPR, AI Act and Data Act were all reopened together in a single omnibus, the better to move a great deal past tired observers at once. Even sensible changes deserve daylight, and bundling is how Brussels turns scrutiny into homework nobody finishes.
9. And it still will not make Europe competitive
Bruegel concluded that even this grand unpicking would not, on its own, make EU digital services competitive. Years of rules, a dramatic partial bonfire, and the verdict is that the real problem was the whole approach.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: