Well according to the Chat Control legislation proposal, politicians are, of course, exempt from monitoring.
Nope. That's not true. There is a provision that exempts people working for state security (e.g. spies), not politicians.
Please don't make up stuff: this proposed law is already bad enough.
You run a merch store. You want to share with your suppliers order data so that you can get the right number of sizes/colors/etc. Is this PII under GDPR rules? Technically, yes! Not only is there information on gender, but also people's height and weight and maybe even family makeup. Does it make sense to call this data sub-processing? Eh? Maybe? (To my knowledge, I don't know if any examples like this actually caught any enforcement.)
Under the new proposal, sharing this data is okay, so long as you use pseudo-anonymous identifiers (customer-1234, customer-1235). You still can't share sensitive identifiers (name, address, email, login, etc).
Obviously the elephant in the room is AI and training data. But this also simplifies a lot of the ticky-tacky areas in GDPR where PII rules are opaque and not-consistently enforced anyway.
What the GDPR requires is that the user is informed about the processing and the suppliers used, and in some cases, provides consent to the processing.
The new proposal which suggests that pseudonymized data is not always PII is a different thing. It actually opens the door to a lot of new problems in my opinion. For example, with this new interpretation, big tech might question whether IP addresses are still personal data (which is something EU top courts had previously established)? What about cryptographically hashed values of your social security number (easy to break)?