{"id":14952,"date":"2025-12-02T13:23:41","date_gmt":"2025-12-02T12:23:41","guid":{"rendered":"https:\/\/www.myagileprivacy.com\/?p=14952"},"modified":"2026-03-17T14:25:08","modified_gmt":"2026-03-17T13:25:08","slug":"digital-omnibus-lets-bring-some-clarity","status":"publish","type":"post","link":"https:\/\/www.myagileprivacy.com\/en\/digital-omnibus-lets-bring-some-clarity\/","title":{"rendered":"Digital Omnibus: let\u2019s bring some clarity"},"content":{"rendered":"<p>On 19 November, the European Commission presented the proposal called <strong>\u201cDigital Omnibus\u201d<\/strong>, a package of regulatory amendments that also affects Privacy, Cookies and the management of online consent.<br \/>\nIt has been widely discussed, often in alarmist tones (\u201cnew Privacy revolution\u201d, \u201cend of Cookie Banners\u201d, \u201cend of Policies\u201d, etc.). For this reason, the first objective of this article is to <strong>bring clarity<\/strong>.<br \/>\nIn particular, it is important to immediately establish three points:<\/p>\n<ol>\n<li><strong>We are at the beginning of a process<\/strong><br \/>\nDigital Omnibus is currently <strong>only a proposal<\/strong> and will have to go through a long and complex legislative process before it becomes applicable. You can review the text of the proposal at the official link <a href=\"https:\/\/digital-strategy.ec.europa.eu\/it\/library\/digital-omnibus-regulation-proposal\" target=\"_blank\" rel=\"noopener\">https:\/\/digital-strategy.ec.europa.eu\/it\/library\/digital-omnibus-regulation-proposal<\/a>.<\/li>\n<li><strong>The timeline is medium\u2011 to long\u2011term<\/strong><br \/>\nThe regulation <strong>will not enter into force for at least two years<\/strong>, and the text is expected to change along the way.<\/li>\n<\/ol>\n<p><strong>For your day\u2011to\u2011day operations, nothing changes right now.<\/strong> The following remain fully in force:<\/p>\n<ul>\n<li>the <strong>GDPR<\/strong>;<\/li>\n<li>the <strong>ePrivacy Directive<\/strong> and the relevant national implementing laws.<\/li>\n<\/ul>\n<p>All the obligations you already know (Cookies, Privacy notices, prior blocking, legal bases, data subject rights, security, etc.) <strong>remain exactly the same<\/strong>.<br \/>\nThe objective of this article is therefore to:<\/p>\n<ul>\n<li>explain <strong>what<\/strong> Digital Omnibus is;<\/li>\n<li>clarify <strong>where we are in the process<\/strong> and what the next steps are;<\/li>\n<li>illustrate <strong>which topics are being discussed<\/strong> with the Commission;<\/li>\n<li>illustrate our role in this process;<\/li>\n<li>reiterate that the aim of this dialogue is to keep Privacy as a <strong>fundamental right of European citizens<\/strong>, while seeking to simplify the digital experience.<\/li>\n<\/ul>\n<h2 id=\"che-cos-il-digital-omnibus\">What is Digital Omnibus<\/h2>\n<p>Digital Omnibus is a proposal by the European Commission which, in addition to intervening on specific profiles related to Artificial Intelligence, aims to:<\/p>\n<ul>\n<li><strong>simplify<\/strong> the user experience by reducing the proliferation of banners and repetitive consent requests, mainly due to the use of dark patterns in some \u201cintrusive\u201d cookie banners and in in\u2011app browsers;<\/li>\n<li><strong>harmonise and update<\/strong> certain existing rules within the European digital framework;<\/li>\n<li><strong>reduce administrative burdens<\/strong> for businesses and organisations, in particular in the management of consent for the use of Cookies and similar technologies.<\/li>\n<\/ul>\n<p>Within this framework, measures include, among others:<\/p>\n<ul>\n<li>the possible <strong>centralisation of consent choices<\/strong> at browser or operating system level;<\/li>\n<li>the definition of <strong>specific regimes<\/strong> for certain sectors (such as media);<\/li>\n<li>the introduction of <strong>minimum periods<\/strong> between one consent request and another (cooldown);<\/li>\n<li>the potential evolution of the current ePrivacy rules on <strong>Cookies and similar technologies<\/strong> towards a more risk\u2011based approach.<\/li>\n<\/ul>\n<p>The Commission\u2019s stated intent is twofold:<\/p>\n<ul>\n<li><strong>simplify<\/strong> and make the online experience more consistent for users;<\/li>\n<li><strong>streamline<\/strong> compliance requirements for businesses, while maintaining an adequate level of Privacy protection.<\/li>\n<\/ul>\n<h2 id=\"a-che-punto-l-iter-normativo\">Where the legislative process stands<\/h2>\n<p>A key point, in line with what has already been highlighted in our newsletter, is that Digital Omnibus:<\/p>\n<ul>\n<li>is currently <strong>an initial proposal<\/strong>;<\/li>\n<li>will have to go through a full legislative process before it can be turned into applicable rules.<\/li>\n<\/ul>\n<p>The main stages of the legislative process are:<\/p>\n<ol>\n<li><strong>Public consultation and stakeholder dialogue.<\/strong> The Commission has already started a dialogue with:\n<ul>\n<li>data protection authorities;<\/li>\n<li>trade associations and business organisations;<\/li>\n<li>civil society organisations;<\/li>\n<li>technical and legal experts.<\/li>\n<\/ul>\n<p>During this phase, comments, concerns and proposed amendments are collected.<\/li>\n<li><strong>Possible revisions of the text by the Commission.<\/strong> Based on the contributions received, the text can be corrected, clarified and supplemented.<\/li>\n<li><strong>Discussion and vote in the European Parliament.<\/strong> Parliament:\n<ul>\n<li>examines the proposal;<\/li>\n<li>introduces and votes on amendments;<\/li>\n<li>adopts its own position.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Discussion and approval in the Council of the European Union.<\/strong> The Member States, meeting in the Council:\n<ul>\n<li>discuss the text;<\/li>\n<li>may propose amendments;<\/li>\n<li>approve a formal position.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Alignment between Parliament and Council (ordinary legislative procedure).<\/strong> The two institutions must converge on a common text (through the so\u2011called \u201ctrilogues\u201d).<\/li>\n<li><strong>Publication and adaptation period.<\/strong> Once approved:\n<ul>\n<li>the text is published in the <strong>Official Journal of the European Union<\/strong>;<\/li>\n<li>a <strong>transitional period<\/strong> follows before it becomes actually applicable, to allow businesses and organisations to adapt.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>To summarise:<\/p>\n<ul>\n<li>it is <strong>not<\/strong> a regulation already in force;<\/li>\n<li>the content of the proposal is <strong>subject to change, even substantially<\/strong>;<\/li>\n<li>the timeframe for application is <strong>medium\u2011 to long\u2011term<\/strong>.<\/li>\n<\/ul>\n<h2 id=\"cosa-cambia-oggi-per-chi-gestisce-siti-app-e-dati-personali-\">What changes today for those who manage websites, apps and personal data?<\/h2>\n<p>It is important for us to reiterate:<\/p>\n<blockquote><p><strong>For your daily operations, nothing changes today because of Digital Omnibus.<\/strong><\/p><\/blockquote>\n<p>The following remain fully in force:<\/p>\n<ul>\n<li>the <strong>GDPR<\/strong>;<\/li>\n<li>the <strong>ePrivacy Directive<\/strong>;<\/li>\n<li>the national implementing rules<\/li>\n<\/ul>\n<p>Consequently:<\/p>\n<ul>\n<li>the management of <strong>Cookies, pixels and other tracking tools<\/strong> follows the current rules;<\/li>\n<li>activities such as <strong>marketing, newsletters, remarketing, profiling<\/strong> must continue to be framed within the current legal bases;<\/li>\n<li>all obligations regarding notices, security measures, prior blocking, and any DPIA (when required) remain fully valid.<\/li>\n<\/ul>\n<p>No specific adjustment to the content of Digital Omnibus is required at this stage.<\/p>\n<h2 id=\"i-principali-temi-tecnici-al-centro-della-discussione\">The main technical issues at the centre of the discussion<\/h2>\n<p>One of the key ideas is the <strong>collection of consent preferences at browser or operating system level<\/strong>.<br \/>\nIn practice, the idea is that:<\/p>\n<ul>\n<li>the user can express some <strong>general choices<\/strong> once (for example, by purpose categories);<\/li>\n<li>these preferences are then <strong>applied<\/strong> to the websites visited via Consent Management Platforms, reducing the need for repeated consent requests.<\/li>\n<\/ul>\n<p>The <strong>critical<\/strong> issues causing the greatest concern include:<\/p>\n<ul>\n<li>how to ensure that these choices are <strong>clear, understandable and modifiable<\/strong>;<\/li>\n<li>how to reconcile general preferences with:\n<ul>\n<li>the specific needs of individual websites;<\/li>\n<li>the needs of particular services (e.g. payments, personalised content, marketing);<\/li>\n<\/ul>\n<\/li>\n<li>how to integrate coherently:\n<ul>\n<li><strong>desktop<\/strong> browsing;<\/li>\n<li>the use of <strong>mobile devices<\/strong>;<\/li>\n<li>and <strong>in\u2011app<\/strong> browsing, which is increasingly common.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>In addition, the proposal introduces the idea of a <strong>\u201cmedia exemption from consent at browser level\u201d<\/strong>, i.e. specific rules for publishers and information providers.<br \/>\nThe ongoing discussions concern, among other things:<\/p>\n<ul>\n<li>the need for a <strong>precise definition<\/strong> of what is meant by \u201cmedia\u201d;<\/li>\n<li>the impact of differentiated regimes on <strong>competition<\/strong> with other sectors;<\/li>\n<li>how to ensure that the <strong>direct relationship between user and publication<\/strong> is preserved, even in a context of possible centralisation of choices.<\/li>\n<\/ul>\n<p>Continuing this analysis, Digital Omnibus provides for the possibility of introducing a <strong>minimum period<\/strong> (for example six months) during which the choices made by the user <strong>should not be presented again<\/strong> through new consent requests. In this respect, the debate concerns the technical methods to <strong>recognise<\/strong> a returning user, the <strong>general settings<\/strong> expressed at browser level, and the possibility for individual websites to <strong>offer the user a review<\/strong> of their choices in a transparent and non\u2011intrusive way.<br \/>\nFinally, another area of debate concerns the possible replacement or revision of the current Article 5(3) of the ePrivacy Directive (cookies and similar tools), with a mechanism more <strong>focused on risk<\/strong>, which defines categories in a <strong>proportionate<\/strong> and <strong>understandable<\/strong> way, taking into account <strong>technical feasibility<\/strong> and <strong>adaptation costs<\/strong>.<\/p>\n<h2 id=\"il-confronto-in-corso-ruolo-degli-operatori-e-obiettivo-comune\">Ongoing dialogue: role of stakeholders and common objective<\/h2>\n<p>The Commission is collecting numerous contributions from:<\/p>\n<ul>\n<li>data protection authorities;<\/li>\n<li>industry associations;<\/li>\n<li>businesses;<\/li>\n<li>digital rights organisations;<\/li>\n<li>companies that already offer consent management solutions today;<\/li>\n<li>other interested parties.<\/li>\n<\/ul>\n<p>In parallel, many players in the sector are working together to:<\/p>\n<ul>\n<li>analyse the text of the proposal in depth;<\/li>\n<li>identify areas of <strong>convergence<\/strong> between different needs (rights protection, operational sustainability, innovation) and address the <strong>numerous critical issues<\/strong>;<\/li>\n<li>develop <strong>concrete technical and legal proposals.<\/strong><\/li>\n<\/ul>\n<p>The shared objective is to <strong>find a balance<\/strong> between simplification, clarity of the rules and effective protection of rights.<\/p>\n<h2 id=\"perch-importante-il-digital-omnibus\">Why Digital Omnibus matters<\/h2>\n<p>The objectives to be pursued can be summarised as follows:<\/p>\n<ul>\n<li><strong>keeping Privacy at the centre<\/strong> as a right of European citizens;<\/li>\n<li>ensuring that new solutions are <strong>understandable<\/strong> and manageable by users and <strong>implementable<\/strong> by businesses and organisations;<\/li>\n<\/ul>\n<p>As My Agile Privacy<sup>\u00ae<\/sup>, the role we have taken on is to participate in the ongoing debate with a <strong>constructive, regulatory and technical<\/strong> approach, contributing, together with other <strong>companies in the sector<\/strong>, with our experience gained from real\u2011world implementations.<br \/>\n<strong>Do you also want to take part in the debate?<\/strong><br \/>\nThe European Commission has made available, on its page <a href=\"https:\/\/ec.europa.eu\/info\/law\/better-regulation\/have-your-say\/initiatives\/15554-Digital-fitness-check-testing-the-cumulative-impact-of-the-EUs-digital-rules_en\" target=\"_blank\" rel=\"noopener\">https:\/\/ec.europa.eu\/info\/law\/better-regulation\/have-your-say\/initiatives\/15554-Digital-fitness-check-testing-the-cumulative-impact-of-the-EUs-digital-rules_en<\/a>, a form where you can share your concerns, assessments and opinions.<\/p>\n<h2 id=\"cosa-fare-adesso\">What to do now<\/h2>\n<p>In light of the above, the operational message remains the same as already expressed: <strong>calm and clarity<\/strong>.<br \/>\nNo alarmism, but an informed approach.<br \/>\nToday:<\/p>\n<ul>\n<li>no specific action is required because of Digital Omnibus;<\/li>\n<li>it is important to continue to:\n<ul>\n<li>comply with GDPR and ePrivacy;<\/li>\n<li>keep Privacy notices up\u2011to\u2011date;<\/li>\n<li>properly configure Cookie Banners and Consent Management Platforms (CMPs).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Our objective remains the same: <strong>to help you work in a compliant, sustainable way that respects the rights of European citizens<\/strong>, even in an evolving regulatory framework.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 19 November, the European Commission presented the proposal called \u201cDigital Omnibus\u201d, a package of regulatory amendments that also affects Privacy, Cookies and the management of online consent. It has been widely discussed, often in alarmist tones (\u201cnew Privacy revolution\u201d, \u201cend of Cookie Banners\u201d, \u201cend of Policies\u201d, etc.). For this reason, the first objective of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15513,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[75,36],"tags":[],"class_list":["post-14952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-compliance-updates","category-my-agile-privacy-en"],"acf":{"visibilita_box_autore":true,"autore_associato":9226,"elenco_faq_articolo":[{"domanda":"What is the Digital Omnibus?","risposta":"The Digital Omnibus is a proposal by the European Commission presented on November 19 that aims to simplify the online experience for users, reduce the proliferation of banners and repetitive consent requests, harmonize certain rules within the European digital framework, and reduce administrative burdens for businesses and organizations, particularly in managing consent for the use of cookies and similar technologies."},{"domanda":"Is the Digital Omnibus already in force? Do I need to comply right away?","risposta":"No, the Digital Omnibus is currently only a proposal and is not yet in force. No specific compliance is required at this stage. The legislation will not come into force for at least two years, and the text is expected to change throughout the legislative process."},{"domanda":"What changes today for those who manage websites, apps, and personal data?","risposta":"For day-to-day operations, nothing changes today. The GDPR, the ePrivacy Directive, and national implementing regulations remain fully in force. All already established obligations (cookies, privacy notices, prior blocking, legal bases, data subject rights, security, etc.) remain exactly the same."},{"domanda":"What are the main steps in the legislative process of the Digital Omnibus?","risposta":"The process involves: public consultation and stakeholder engagement; possible revisions to the text by the Commission; discussion and vote in the European Parliament; discussion and approval by the Council of the European Union; alignment between Parliament and Council through the so-called 'trilogues'; publication in the EU Official Journal and a transitional period before the legislation becomes effectively applicable."},{"domanda":"What are the main technical topics at the center of the Digital Omnibus discussion?","risposta":"The main topics include: centralized collection of consent preferences at the browser or operating system level; a possible media exemption from browser-level consent for publishers and information operators; the introduction of a minimum period (cooldown) between one consent request and the next (for example, six months); and the possible revision of the current ePrivacy rules on cookies toward a risk-based approach."},{"domanda":"How can I participate in the debate on the Digital Omnibus?","risposta":"The European Commission has made a form available on the page https:\/\/ec.europa.eu\/info\/law\/better-regulation\/have-your-say\/initiatives\/15554-Digital-fitness-check-testing-the-cumulative-impact-of-the-EUs-digital-rules_en where you can express concerns, assessments, and opinions."},{"domanda":"What is the Commission's stated objective with the Digital Omnibus?","risposta":"The Commission's stated objective is twofold: to simplify and make the online experience more consistent for users, reducing the proliferation of intrusive banners and repetitive consent requests; and to streamline compliance obligations for businesses, while at the same time maintaining an adequate level of privacy protection as a fundamental right of European citizens."}],"url_esterno":""},"_links":{"self":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts\/14952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/comments?post=14952"}],"version-history":[{"count":5,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts\/14952\/revisions"}],"predecessor-version":[{"id":15516,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts\/14952\/revisions\/15516"}],"acf:post":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/autore-articolo\/9226"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/media\/15513"}],"wp:attachment":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/media?parent=14952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/categories?post=14952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/tags?post=14952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}