AIAL's Comments for the Consultation on Digital Omnibus (Digital Package on Simplification)

Feedback on GDPR, ePrivacy Directive lawmaking submitted to European Commission's Directorate-General for Communications Networks, Content and Technology on 13 Mar 2026
link to consultation | download document

Cite as: Harshvardhan J. Pandit, "AIAL's Comments for the Consultation on Digital Omnibus (Digital Package on Simplification)" AI Accountability Lab (AIAL). https://aial.ie/research/policy/consultation-2026-EU-Digital-Omnibus-Simplification DOI: 10.5281/zenodo.19009758

We welcome the Commission’s proposals on simplifying the regulations. However, we consider several aspects as being problematic, and therefore do not recommend accepting them at this stage. We summarise our views as follows:

  1. Definition of Personal Data: should be rejected as it drastically changes the scope of the GDPR, affects its rights, and has a material impact on the fundamental right to data protection as defined in Article 8 of CFR.
  2. Facilitating use of personal data in AI systems: approach with caution as it introduces unwanted ‘side-effects’ and risks GDPR’s ’neutrality’.
  3. Restriction of GDPR rights: should be rejected as they are disproportionate, the solutions are not likely to be effective, and they have an impact on fundamental rights which have been enabled through the use of the GDPR rights.
  4. Harmonisation of DPIA Requirements: should be accepted with changes regarding ensuring the competency of EDPB as the authority rather than the Commission as outlined in the document.
  5. Privacy Signals: should be accepted with changes related to the scope, validity, and introduction of considerations to ensure this does not create unwanted effects such as further popups or dark patterns. This is a detailed section with considerations on existing privacy signals, addressing consent fatigue, a gap analysis of Article 88b provisions, addressing the issue of automating ‘given consent’, and suggesting criteria for defining validity of privacy signals.

The ‘Digital Omnibus’ series of legislative proposals include key changes to the GDPR, one of which is addressing the issues surrounding ‘consent fatigue’ and strengthening users’ privacy rights online’. This document is the feedback submitted to the public consultation associated with this proposal. The document provides a holistic overview of the problem space regarding ‘consent’ and ‘privacy management’, describes the ecosystem, its actors, and their behaviours that have led to the problem, analyses the current state of technical solutions and their standardisation status, and to identify concrete recommendations to the proposed GDPR Article 88b to ensure materialisation of the intended benefits.