Ecommerce Europe recently adopted its position paper on the Digital Omnibus on the data acquis expressing broad support for the proposed Digital Omnibus package, viewing it as an important step toward streamlining the EU’s increasingly complex digital regulatory landscape. This initiative, put forward by the European Commission, aims to deliver greater coherence and operational efficiencies across several major legislative frameworks, including the General Data Protection Regulation (GDPR), the AI Act, and cybersecurity rules such as NIS2 Directive and Digital Operational Resilience Act (DORA).
Ecommerce Europe acknowledges that the Omnibus package has the potential to reduce fragmentation and regulatory overlap, longstanding concerns for businesses operating across multiple EU Member States. Simplifying GDPR compliance requirements will ease administrative burden and enable companies to focus more effectively on innovation and growth.
However, we stress that simplification efforts must remain both coherent and workable in practice. Poorly calibrated changes risk introducing new uncertainties rather than resolving existing ones. There are particular concerns about the introduction of proposed Articles 88a and 88b to the GDPR. Rather than achieving true simplification, the proposed provisions may actually disrupt existing business models and create additional compliance challenges.
While Ecommerce Europe supports the broader objective of improving alignment between the GDPR and the ePrivacy Directive, we warn that the practical implications of these amendments could have unintended negative consequences for the e-commerce sector. In particular, the proposal to mandate browsers to implement automated, machine-readable consent mechanisms under the proposed Article 88b which paves the way for centralised cookie management systems would have far-reaching and harmful consequences for the digital ecosystem. Similar concepts have already been explored in past policy discussions, including during negotiations on the ePrivacy Regulation and Cookie Pledge discussions, where they failed to secure consensus among stakeholders.
In addition, Ecommerce Europe welcomes the integration of ePrivacy rules into the GDPR as a step toward a “One-Stop-Shop” approach under new Article 88a GDPR, but considers the current proposal insufficiently adapted to today’s e-commerce landscape. The framework is based on outdated concepts that do not reflect the major transformation of the digital ecosystem over the past two decades. This is why the sector calls for a more flexible, forward-looking approach that both protects users and supports innovation. In particular, We call for full alignment of Article 5(3) of the ePrivacy Directive with the GDPR legal basis, broader practical exemptions reflecting e-commerce realities, including for Privacy-Enhancing Technologies (PETs), and the removal of rigid requirements such as the six-month consent renewal rule.
As discussions on the Digital Omnibus package progress, the e-commerce sector remains open to constructive dialogue. Ecommerce Europe has reiterated its willingness to work closely with EU policymakers to ensure that the final framework delivers on its promise of simplification without undermining the competitiveness and viability of Europe’s digital economy.