EU Plan To Streamline GDPR Targets AI Training And Cookie Consent

The EU plans to streamline GDPR targets AI training and cookie consent requirements to improve transparency and user experience.

The European Commission has introduced a legislative package known as the “Digital Omnibus” aimed at streamlining and easing compliance with key EU tech regulations. This includes proposed amendments to the “General Data Protection Regulation (GDPR)“, the “Artificial Intelligence (AI) Act“, and existing cookie consent policies.

Revisions on AI Regulations and Data Use

One significant change would postpone the implementation of stricter rules on high-risk AI systems from August 2026 to December 2027. The proposal also seeks to lighten documentation requirements for certain AI systems and shift oversight responsibilities toward the EU AI Office.

Furthermore, it clarifies when data ceases to be “personal,” facilitating easier sharing and reuse of anonymized or pseudonymized datasets, particularly for AI training purposes. This aims to provide greater legal certainty and help companies innovate more rapidly.​

Privacy group noyb argues that the new language goes beyond simply clarifying existing rules. According to the organization, the proposal shifts toward a more subjective standard based on what a controller says it can or intends to do.

Noyb cautions that this change could allow segments of the adtech and data-broker industry to sidestep GDPR protections.

Easing Cookie Consent and Addressing Banner Fatigue

To improve user experience and reduce “banner fatigue,” the proposal suggests exempting some low-risk cookies from explicit consent pop-ups.

Control over cookie preferences would increasingly move to browser-level settings with standardized, machine-readable privacy signals.

This would reduce repetitive consent requests for non-risky uses such as basic analytics or essential site functions, offering a more streamlined privacy consent process for users and businesses alike.​

Impact on AI Training Data and Privacy Concerns

The use of Europeans’ personal data for AI model training is among the most debated areas within the proposal.

While the package broadens legal bases to allow companies like Google, Meta, and OpenAI to leverage personal data more flexibly, privacy advocates warn that this approach risks weakening explicit consent requirements.

Critics emphasize concerns that long-term behavioral data could be exploited under an opt-out model, which may be difficult for users to manage effectively.​

What This Means for Businesses and Users

While the changes are still proposals and pending approval by the European Parliament and Council, businesses relying on EU data for analytics, advertising, or AI should monitor developments closely.

Expect shifts toward more harmonized, browser-driven consent mechanisms and adjusted compliance requirements for AI systems using behavioral data.

For now, existing setups like cookie banners and AI workflows remain unchanged, but the Digital Omnibus signals a notable move toward balancing innovation with privacy safeguards.​

Final Thought

This initiative reflects a pragmatic step by the EU to modernize digital regulations, aiming to boost competitiveness while addressing ongoing privacy and data protection challenges in an evolving tech landscape.