- The European Commission is considering reducing banner ads and allowing saved cookie preferences in browsers.
- Additional exceptions are being considered for "strictly necessary" and simple statistical cookies.
- The industry proposes integrating cookie rules into the GDPR to simplify compliance.
- An omnibus text could be presented in December, with a focus on making consent less intrusive.
After more than a decade of consent banners At every corner of the Internet, Brussels is preparing a major shift: it wants to simplify how we accept or reject cookies and reduce the bombardment of ads that interrupt browsing.
An internal note shared with industry and civil society, to which Politico has had access, confirms that the European Commission is studying two avenues: expanding exceptions so that warnings appear only when necessary and allowing the consent is managed centrally from the browserThe objective is clear: to reduce friction that already consumes more than 575 billion hours per year in Europe.
What changes are on the table?
The first line of work goes through add exceptions to the current rules, so that notices are limited to situations where processing is involved for purposes other than the basic operation of the site. In this regard, countries such as Denmark have proposed excluding notices for cookies strictly necessary or simple statistics.
The second way contemplates that users configure your preferences only once in the browser (Chrome, Firefox, etc.), and that these choices are automatically applied on each website. This would prevent accept or reject cookies site by site, every time a page is visited.
In parallel, the Commission services are considering presenting in December an omnibus text to simplify the technological framework. Among the scenarios considered, one is drastically reduce the presence of pop-ups, always keeping data protection as the axis.
Where we came from: ePrivacy, GDPR, and consent fatigue
The so-called "cookie law" was born from the Directive of electronic privacy (2002) and was reinforced in 2009 with ePrivacy, which required consent before storing cookies. The arrival of GDPR In 2018, it consolidated that principle, triggering the wave of banners we know today.
The experience, however, has led to automatic clicks rather than informed decisions. There have also been walls that push people to "accept or pay," a practice that the European Data Protection Committee has been considered illegal in certain contexts because it upsets the freedom of choice.
In Spain, the AEPD updated its Cookie Guide in 2023 to ensure that rejecting them is no longer more difficult to accept them and to order the design of the interfaces. This review was aligned with the EDPB's 03/2022 guidelines on deceptive design patterns.
Integrating cookies into the GDPR: arguments for and against
A part of the industry has suggested incorporate cookie rules to the GDPR, opting for a risk-based approach that reduces bureaucracy and standardizes consent. The thesis: fewer generic banners and more effective controls, managed from the browser.
Opposite, privacy organizations and civil society sectors warn that a poorly designed integration could relax safeguards, Especially in Targeted advertising and sharing with third parties. One is not ruled out intense opposition by redefining consent.
Previous attempts and the timetable in Brussels
There was already an attempt at simplification with the proposal of Electronic Privacy Regulation 2017, which was eventually abandoned due to its breadth and complexity (ranging from online advertising to national security). The lesson: an overly ambitious text It gets stuck.
Now the Commission is considering a bus package in December, which could alleviate the current ad ecosystem. In parallel, a new Digital Equity Act focused on online advertising, with the ability to accommodate changes regarding consent and trackers.
What would change for users and for websites?
For ordinary people, the most visible impact would be fewer clicks y clearer cookie settings, concentrated in a single browser panel. This would reduce fatigue and give more real control over privacy and personalization.
For publishers and advertisers, the challenge will be to adapt consent flows and transparency: notices only when there is non-essential processing, more documentation and possibly less reliance on third-party cookies for marketing.
In the middle will be the technical and security cookies. simple measurement, presumably with clear exemptions, while targeted advertising and sharing with third parties will continue to require consent. explicit and verifiable.
The Brussels initiative aims to remove noise and restore meaning Consent: fewer pop-ups, more GDPR-compliant rules, and centralized browser options, keeping data protection a priority and improving the experience for those who browse daily.
Passionate writer about the world of bytes and technology in general. I love sharing my knowledge through writing, and that's what I'll do on this blog, show you all the most interesting things about gadgets, software, hardware, tech trends, and more. My goal is to help you navigate the digital world in a simple and entertaining way.