MEPs from the European Parliament's Industry, Research and Energy (ITRE) committee clashed sharply on December 3, 2025, over proposed reforms to EU data privacy legislation. The debate highlighted deep divisions between Socialists and Democrats (S&D) advocating for strengthened data protection rights and the European People's Party (EPP) pushing for deregulatory measures to benefit businesses.
At the heart of the dispute were two contrasting visions. S&D MEPs, led by Raphaela Lecuano, called for substantial increases in EU powers to enforce stricter transparency requirements on data controllers and processors. They emphasized the necessity of robust consumer protections, especially concerning biometric data and AI-driven profiling, with concrete proposals including the establishment of a new EU Data Protection Authority endowed with extended investigative and sanctioning powers, and a proposed €250 million budget to support this agency by 2027. Lecuano also set a measurable target of reducing data breaches by 40% within three years of enactment.
Conversely, EPP MEP Klaus Zimmermann cautioned against excessive regulatory burdens that could hamper business competitiveness and innovation. He urged for a more flexible framework, advocating for the reduction of certain compliance obligations for SMEs and prioritizing voluntary codes of conduct over legislative mandates. Zimmermann highlighted an intent to roll back some of the more stringent rules introduced in previous directives, stressing economic growth and market liberalization, particularly in the digital services sector.
The ITRE debate took place during the committee meeting on 3 December 2025 in the European Parliament, setting the stage for further negotiations with other EU bodies.
Beyond the polarized stances, other speakers contributed with a spectrum of approaches. The Green/EFA group proposed inclusion of explicit carbon footprint reporting linked to data centers, tying data governance to environmental objectives – a less detailed plan but indicative of broadening the policy remit. Conversely, some liberal MEPs offered more vague commitments centered on promoting innovation and safeguarding digital freedoms, without specific targets or timetables.
The policy orientations diverge notably: S&D seeks to increase EU institutional strength and regulatory oversight in data privacy to enhance consumer protections, which would impose higher compliance costs on digital service providers and data-driven industries in the EU. This may push companies to accelerate investments in secure technologies but could also raise operational costs, particularly for smaller firms. EPP favors reducing regulatory intensity to maintain business flexibility, potentially benefiting digital sector profitability and innovation, but possibly exposing consumers to lower protections.
Environmental and civil society stakeholders may welcome the Greens' integration of sustainability metrics, yet this could add compliance complexity for data center operators. The proposals to beef up the EU Data Protection Authority would affect national data protection authorities by reallocating some oversight responsibilities.
Moving forward, the European Parliament's plenary and the Council will likely have to reconcile these conflicting priorities, balancing data privacy safeguards with economic competitiveness. The concrete funding aims and institutional proposals tabled by S&D suggest a push for stronger EU-level enforcement mechanisms, whereas EPP’s approach indicates resistance to expanding EU powers and regulatory scope in the digital domain. The evolving legislative process will provide further clarity on the final policy mix shaping the EU's data privacy landscape in the coming years.