16/06/2026
As EU institutions continue discussions on the proposed Digital Omnibus package, a growing coalition of civil society organisations is warning against using the language of “simplification” to weaken hard-won protections for people’s rights online. While the package is presented as an effort to streamline the EU’s digital rulebook, several proposals affecting the GDPR and ePrivacy framework go far beyond technical simplification. They risk weakening safeguards that protect people from intrusive tracking, unlawful data use, opaque profiling and harmful forms of automated decision-making.
A call to protect digital rights
In an open letter to EU Member States, The Good Lobby joined more than 20 civil society organisations in urging governments to ensure that simplification does not come at the expense of fundamental rights. The signatories warn against proposals that would weaken the definition of personal data, create broader openings for AI-related processing of personal information, or shift responsibility onto individuals to protect themselves from systems they cannot meaningfully understand or challenge. Rather than creating legal certainty, such changes could generate greater uncertainty, more litigation and weaker protections. The letter also stresses that provisions removed from the legislative text should not be reintroduced through recitals, guidance mandates or technical compromise language. Even seemingly minor changes can have significant legal consequences and reopen debates on issues such as pseudonymisation, scientific research exemptions and the use of personal data for AI systems.
Protecting privacy from the moment tracking begins
A key concern relates to the relationship between the GDPR and the ePrivacy framework. The letter welcomes efforts to keep rules governing access to users’ devices and communications within ePrivacy law rather than transferring them into the GDPR. This distinction matters because ePrivacy protects the confidentiality of communications and the integrity of devices before personal data is even processed. Blurring the boundaries between the two frameworks could weaken protections at the very point where tracking begins. The signatories also call for the preservation and strengthening of automated privacy signals. These tools would allow people to communicate their privacy preferences through browsers, operating systems or apps, reducing reliance on endless cookie banners while making privacy choices easier to exercise in practice.
The debate around the Digital Omnibus reflects a broader political trend. Across multiple policy areas – from digital regulation to environmental protection, workers’ rights and corporate accountability – “simplification” is increasingly being used as a justification for deregulation. As highlighted by The Good Lobby’s Deregulation Monitor, reducing administrative burdens should not mean lowering standards, weakening accountability or eroding fundamental rights. Europe’s competitiveness will not be strengthened by making it easier to exploit personal data or by reducing protections that foster trust. Strong, enforceable rules create the certainty that citizens, responsible businesses and democratic societies need to thrive. As negotiations continue, Member States have an opportunity to ensure that genuine simplification serves people.