Joris DeeneThe European Commission, with the Digital Omnibus Regulation launched a proposal that could dramatically change the digital landscape. This proposal aims to radically simplify cookie rules by integrating them directly into the GDPR and enabling centralized browser settings, with the goal of countering pervasive ‘consent fatigue’ among Internet users. Below we analyze what these changes mean concretely for your business and website.
Why a new regulation?
The current legal framework for cookies is complex and fragmented. It rests on two pillars: the ePrivacy Directive (converted into Belgian law through the Electronic Communications Act) and the General Data Protection Regulation (GDPR).
- ePrivacy: Requires consent to set non-emergency cookies (such as tracking or advertisements).
- GDPR: Regulates the processing of personal data collected through these cookies.
This double layer has led to a proliferation of cookie banners. Users are inundated with pop-ups, leading to “consent fatigue”: people often blindly click “accept” to get rid of the banner, which in practice means that consent is no longer truly “free and informed.” After repealing the previous ePrivacy Regulation in 2025, the Digital Omnibus should now provide solace.
The main changes in the Digital Omnibus
The Digital Omnibus regulation proposes some fundamental changes that will redefine website-visitor interaction.
1. Integration into the GDPR.
Whereas cookies now often fall under the ePrivacy Directive, the Digital Omnibus proposes to bring cookies that process personal data directly under the GDPR through the new Articles 88a and 88b. This eliminates the sometimes confusing confluence of two pieces of legislation and centralizes the rules.
2. Browser-driven consent
This is perhaps the most visible change for consumers. The proposal introduces a mechanism for users to set their cookie preferences centrally in their Web browser.
- Websites will be required to respect these automated signals.
- If a user indicates in his browser that he refuses cookies, the website may no longer display a banner asking for permission as yet.
3. “No” remains valid for six months
To protect users from repeated requests, a time limit is set. If a visitor refuses their consent, the data controller (the website owner) may not request new consent for the same purpose for at least six months.
4. Extension of exceptions
The strict consent requirement will be relaxed for low privacy risk situations. Consent will no longer be required for cookies necessary for:
- Measuring one's own audience by the website owner himself.
- Software updates and service security.
- Performing a service requested by the user.
In these cases, the processing could potentially be based on legitimate interest, rather than explicit consent.
Critical concerns and status
Although the proposal is aimed at simplification, criticism is also heard. Privacy organizations such as NOYB warn that the changes could weaken the fundamental principles of the GDPR and erode citizens' protections.
It is important to emphasize that this is a European Commission proposal. It has yet to be considered by the European Parliament and the Council, which means that the final text and entry into force may take some time.
Frequently Asked Questions (FAQ)
Can I still use analytics without permission?
Under the current proposal, the use of cookies for first-party audience measurement (for their own statistics) are exempt from consent, provided the data is not used for other purposes. For tools that share data with third parties (such as certain Google Analytics settings), consent will likely continue to be required.
Conclusion
The Digital Omnibus regulation promises a streamlining of the rules and a better user experience for the surfer. For Belgian Web site owners, however, this means that (eventually) technical adjustments will be needed to correctly interpret browser signals and privacy policies will have to be rewritten. The focus shifts from placing a banner to respecting automated user choices.
Dutch 
English