Skip to content

Wikimedia Europe

Visual Portfolio, Posts & Image Gallery for WordPress

Charles J. Sharp, CC BY-SA 4.0, via Wikimedia Commons

JohnDarrochNZ, CC BY-SA 4.0, via Wikimedia Commons

Markus Trienke, CC BY-SA 2.0, via Wikimedia Commons

NASA Goddard Space Flight Center from Greenbelt, MD, USA, Public domain, via Wikimedia Commons

Benh LIEU SONG (Flickr), CC BY-SA 4.0, via Wikimedia Commons

Michael S Adler, CC BY-SA 4.0, via Wikimedia Commons

Sergey Pesterev / Wikimedia Commons

Stefan Krause, Germany, FAL, via Wikimedia Commons

640px-Wikimedia_Europe_logo_-_vertical

WMEU on the Digital Omnibus & the Russmedia Decision

An omnibus of the Compagnie générale des omnibus. Scanned by Claude Shoshany, Collection personnelle, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1376037

On 19 November 2025, the European Commission unveiled its Digital Omnibus package — a pair of legislative proposals aimed at simplifying the EU’s digital regulatory framework. The first one is focused specifically on AI, while the second covers data protection and re-use of open data.   

The Commission frames these changes as efforts to streamline complex EU rules. However, civil society groups, many MEPs, and even some Member States argue that they fundamentally alter the EU’s digital rulebook by weakening longstanding data protection principles. 

The Wikimedia movement is made up of its organisations, projects and users. They all depend on robust privacy protections, open knowledge sharing, and solid intermediary liability protections. At the same time, the Wikimedia Foundation, as a service provider, also spends considerable resources on sometimes very complex compliance work in the EU.

With all this in mind it is needless to say that these proposals raise significant questions for Wikimedia. We can identify both positive and negative changes in the published texts. 

Comments on Data Protection Changes 

The most contentious aspects of the GDPR proposals involve redefining the definitions of personal and pseudonymised data. These changes could substantially narrow the scope of data protection. One example is that it would be much easier to share pseudonymised data without safeguards, even if the data can be de-pseudonymised. This looks like a re-scoping of fundamental rights, not a simplification measure. 

The proposals would also make the re-use of personal data for AI training easier by categorising it as “legitimate interest,” which paradoxically sets a lower threshold for AI training than for many everyday data uses. These steps look like they will benefit very large technology companies rather than the smaller competitors the Commission claims to support. 

On the other hand, the Commission is proposing a single-entry point for notifications for data breaches. Such breaches currently have to be reported to many or all data protection authorities across the EU and EFTA, which clearly wasn’t practical or very workable. 

Another positive element is the proposed so-called “privacy signal”. It would give people a clear way to refuse or allow data access by setting their preferences in the browser instead of clicking through pop-ups on individual sites.

Impact on Open Data and Knowledge Commons

The Omnibus wants to reduce the number of data-related legislative acts that currently includes the Data Governance Act, the Open Data Directive and the Data Act. It would repeal the directive and incorporate its articles into the regulation, the Data Act. This is positive in two ways: It will hopefully make the rules easier to understand and reduce overlaps and contradictions, as they will be in one place. As a regulation is also directly applicable, this should, at least in theory, mean less national divergence across the EU. 

The Commission is also proposing another change that needs to be thoroughly thought through. It wants to allow public sector bodies to charge higher fees for data and documents requested by very large enterprises. Politically speaking this is understandable and may even be desirable. Actors with immense economic power should contribute more to the commons.  

The challenge here comes from the practical application. In order to treat very large enterprises differently from everyone else, public sector bodies would likely try to change their standard open licenses to non-standard and restrictive ones. This is a risk for the re-use of open government data.

Wikimedia itself has looked at a similar challenge and thought hard how to solve this conundrum. Wikimedia Enterprise ensures that all knowledge on Wikimedia projects remains free & open, while charging very large re-users for the provision of very high bandwidth access, but not for the data itself. Of course this may not work for everyone. But charging one specific group of actors for the data itself would definitely break standard open licensing. 

Another aspect is that currently EU rules already allow public sector bodies to charge for some datasets. If the new rule is limited to this category of data, the negative consequences would likely be very manageable.    

The Elephant in the Room: Russmedia 

While the European Commission is trying to simplify certain parts of the digital framework, the Court of Justice of the EU is changing important parts of it as well. The recent Russmedia ruling results in several major question marks around how the GDPR relates to the DSA. It seems to make significant changes to platforms’ intermediary liability protections, something without which user-generated content is quasi unimaginable.

Some have argued that it’s limited to marketplace platforms, but the consequences of its application to other services could be momentous. All eyes now are on the forthcoming Meta/Kunast case in Germany, which might (as a matter of German law) explore transposing the Russmedia doctrine over to commercial social media platforms.  If it does spread, there will be greater pressure on the EU to provide a legislative fix. 

Our view is that Wikipedia and its sister projects shouldn’t be directly affected by the decision, for instance because uploaders aren’t paying to amplify content or algorithmically push content on other users. An EU-wide reaffirmation of intermediary liability protection principles and harmonisation of strong freedom of education and expression exemptions under GDPR Article 85 would nevertheless be a very welcome EU initiative.

Wikimedia Europe’s Response

Wikimedia Europe is carefully analysing the proposals and their potential impacts on free knowledge, user privacy and non-commercial, community-driven platforms. We recognise the need to streamline the sometimes very complex maze of rules across EU laws and welcome such steps. We would also like a public discussion that clearly differentiates between simplification on one hand and re-scoping or even limiting fundamental rights on the other. We see a tendency of conflating the two.  

We intend to provide feedback to the Commission consultation (due 3 February) and relevant lawmakers. 

Tags: