The Digital Omnibus Directive (or short: DOD) refers to a potential European Commission’s legislative initiative, aimed at streamlining digital regulation within the territory of the EU.
The Story Behind
Almost a decade upon the launch of GDPR, which had a profound impact on the digital market as a whole, and on the online advertising industry, in particular, it looks like the European Commission is exploring ways to introduce amendments and/or clarifications to the existing rules and regulations, aligned with the changing realities of the digital ecosystem.
In this context, and as being reported in the media, the EU legislative bodies are considering the development of the Digital Omnibus Directive proposal (DOD), designed to smoothen up operational processes related to personal data protection particularly for small and mid-sized businesses operating in the EU.
Core DOD Benefits
One of the potential benefits of DOD, at least according to the media reports, would be the clarified codification of what constitutes personal data, particularly in case when a company has no direct contact with an individual,
In particular, the proposal is said to specify that the definition of “personal data” might no longer be applied universally (as an “absolute”), just for the sake of the data specifics. Rather, each data controller should assess if a particular data element (e.g. an IP address) can realistically enable it to identify a certain individual, then act accordingly.
That said, no one should expect that the finalized, then approved version of DOD will somehow re-enable the processing of all Personal Data elements without prejudice, but the hope is that some of the data controllers, like publishers and their ad tech vendors will be able to apply somewhat a simplified approach to what kind of data they can legally process, without worrying about the huge fines.
Meanwhile, another potential area addressed by the DOD is related to the use of AI, or better to say, data processing for the sake of AI training purposes, which, under particular safeguards, might be considered a matter of a company’s legitimate interest. Until the final proposal is released for public review, however, all businesses operating in the EU must comply with existing regulations, like the EU AI Act.
The proposed DOD initiative also aims to revisit the concept of Personal Information Management Services (PIMS), which basically means a website would need to accept user consent info sent over somewhat a unified digital tool, i.e. a PIM. In this respect, however, the industry representatives don’t have their consensus on how this should be implemented, particularly given that no obligations would apply until a PIMS technical standard is established on the EU level, and there’s no concrete timeline set for that yet.
Adoption Time Frame
Even though the introduction of DOD can potentially simplify operational processes for many digital companies working in the EU, the fact is, the initiative will hardly be finalized, let alone approved by the European Commission in 2026.
More importantly, the approval process itself will trigger a lengthy adoption period, which means that all digital market players operating in the EU must comply with the current GDPR regulation and the EU AI Act for the foreseeable future.