Narrowing "Personal Data" Definition: Companies could argue data isn’t "personal" if they can’t identify individuals, exempting them from GDPR compliance.

Weakening Data Subject Rights: Rights like access, deletion, and correction could be limited to "data protection purposes," blocking their use in labor disputes, journalism, or research.

AI Training Free Pass: Tech giants (Google, Meta, OpenAI) could use Europeans’ personal and sensitive data for AI training with minimal safeguards.

Reduced Protection for Sensitive Data: Health, political, and sexual orientation data would only be protected if "directly revealed," not if deduced.

Remote Device Access: Companies could pull data from users’ devices for vague purposes like "security" or "statistics," risking invasive data collection.

tl;dr Germany is again pushing for macro-level EU reforms that bypass legislative safeguards, violate existing precedent, and disenfranchises EU Citizens in favour of BigTech. The legitimacy of GDPR as a democratic safeguard against Corporate Malfeasance will be effectively nullified in one fell swoop.

New statutes can of course "violate" existing case law. This is usually the point of changing the law...