Big Changes Proposed for EU Digital Laws
The European Commission has proposed a new package of laws called the “Digital Omnibus” that could change the way companies handle data and artificial intelligence in the European Union. If you work with EU traffic or rely on European data for analytics, advertising, or AI features, it’s worth keeping an eye on this proposal, even though nothing has changed in law yet.
What’s Changing?
The Digital Omnibus would revise several laws at once, including the General Data Protection Regulation (GDPR), the AI Act, and Europe’s cookie rules. The proposal aims to simplify and relax some of these rules to promote competitiveness and innovation.
One of the key changes is the delay of stricter rules for high-risk AI systems from August 2026 to December 2027. The proposal would also reduce documentation and reporting obligations for some AI systems and give more oversight to the EU AI Office.
Data Protection Changes
The Commission wants to clarify when information is no longer considered ‘personal,’ making it easier to share and reuse anonymized and pseudonymized datasets, especially for AI training. However, privacy groups like noyb argue that this change could exclude parts of the adtech and data-broker industry from GDPR protections.
Noyb believes that the proposal introduces a more subjective approach, relying on what a controller claims it can or plans to do, rather than a clear set of rules. This could have significant implications for data protection and privacy in the EU.
Cookies and Consent
The proposal would also change the way cookies are handled. The Commission wants to reduce “banner fatigue” by exempting some non-risk cookies from consent pop-ups and shifting more control into browser-level settings that apply across sites.
This means that users would see fewer consent banners for low-risk uses, such as certain analytics or strictly functional storage, once categories are defined. The proposal would also require websites to respect standardized, machine-readable privacy signals from browsers when those standards exist.
AI Training and Data Rights
One of the most contested parts of the Digital Omnibus is how it treats data used to train AI systems. The package would allow companies like Google, Meta, and OpenAI to use Europeans’ personal data to train AI models under a broadened legal basis.
Privacy groups argue that this kind of training should rely on explicit opt-in consent, rather than the more flexible approach in the proposal. Noyb warns that long-running behavioral data, such as social media histories, could be used to train AI systems with only an opt-out model that is difficult for people to exercise in practice.
Why This Matters
This proposal is important if you’re responsible for analytics, consent, or AI-driven products that reach EU users. Over time, you might see smaller, browser-driven consent experiences for EU traffic, along with a different compliance approach for AI features that depend on behavioral data.
For now, nothing in your cookie banners, GA4 setup, or AI workflows needs to change solely because of the Digital Omnibus. However, it’s essential to keep an eye on the proposal and any future changes to ensure you’re compliant with EU laws.
Looking Ahead
The Digital Omnibus is an early sign that the EU is re-balancing its digital rulebook around AI and competitiveness, rather than just privacy and enforcement. Key items to monitor include Parliament’s amendments to AI training and data language, cookie and browser-signal provisions for CMPs and browsers, and changes to AI training and consent for EU users.
Conclusion
In conclusion, the Digital Omnibus proposal has significant implications for data protection, AI, and cookies in the EU. While the proposal aims to simplify and relax some rules to promote competitiveness and innovation, it’s essential to ensure that these changes don’t compromise user privacy and data protection. As the proposal moves forward, it’s crucial to stay informed and adapt to any changes to ensure compliance with EU laws and regulations.