Europe’s digital reform: What the AI omnibus means for campaigners
December 4, 2025
by Shaun Frazao
Any user of the European internet knows the ritual. The ubiquitous pop-up demanding one “Accept All Cookies” is the most visible legacy of the GDPR. The law was built on a noble idea – that personal data belongs to the individual – but in practice, it has created a digital landscape defined by bureaucratic friction.
The result is “banner fatigue” for users and compliance nightmares for businesses. Ambiguities regarding pseudonymous data, AI training and digital targeting have arguably stifled innovation, leaving Europe trailing in the global race against the United States and China.
Now Brussels seems ready for a course correction. The European Commission’s new “Digital Omnibus” proposal reflects a broader agenda for President von der Leyen’s second term: cutting red tape to foster competitiveness. The Digital Omnibus represents a legislative attempt to untangle the Union’s digital knot by harmonising the conflicting demands of the AI Act, the GDPR and the Data Act. The goal is a smarter balance, maintaining privacy protections while allowing Europe’s digital industries to breathe.
For public affairs and digital advocacy, this promises a significant modernisation, designed to provide clarity and unlock new opportunities. Known informally as the “AI Omnibus,” the Commission’s proposal sets out several key changes:
1. Innovation as a legitimate interest
For too long, the GDPR has acted as a brake on development. If an advertiser wants to collect data to train an AI model – an engine designed to predict behaviour and show the perfect ad – they face the hurdle of obtaining explicit consent for data which is often already publicly available.
The proposal seeks to create a new “legitimate interest” for innovation. This would provide a clear, harmonised legal basis for companies to use personal data to build and train their AI models. It aims to replace the current legal ambiguity, which can stifle research, with a more streamlined process.
The argument, in effect, is that innovation itself is a sufficient justification. The result? Billions of data points could be fed into AI models to make their advertising engines smarter.
2. Redefining personal data
This is the technical heart of the matter, and it is aimed squarely at the digital advertising industry. Under current GDPR rules, personal data protection extends beyond names or emails to include pseudonymous identifiers such as a phone’s advertising ID or a browser cookie. These unique codes can track users across the internet, enabling precise targeting but also creating legal complexity. The AI Omnibus proposal clarifies that, in certain contexts, this type of scrambled data would no longer be treated as personal data.
This could be transformative for campaign operations. Teams would be able to more easily perform crucial functions like ad-frequency capping (which stops them from alienating a key policymaker’s staff by showing them the same ad 20 times) or attribution (proving that a digital ad they ran actually led a constituent to sign a petition or submit a comment to a regulatory body). The result should be a more functional, less wasteful and more measurable digital operation, enabling campaigners to engage audiences smarter and more responsibly than ever before
3. Enhancing relevance without intrusion
The GDPR correctly built a high wall around sensitive categories like political opinions and religious beliefs. Today, however, that wall is so high it often forbids relevant communication entirely.
The Commission’s proposal introduces a pragmatic distinction: that high wall remains, but it would apply different, more flexible rules to what an AI infers about a person’s interests.
For example, an AI model can infer a user’s interest in environmental policy through their reading habits on renewable energy, even without the user explicitly stating their political affiliation.
Under these proposed changes, that inferred interest in “environmental policy” could be legitimately used by a green lobby group to serve targeted, relevant information.This approach protects the user’s private facts while allowing for the kind of tailored, relevant advocacy that a modern digital society expects.
The path ahead
The proposal is moving quickly. Privacy advocates are naturally sceptical, but the Commission frames this as a careful modernisation, not a rollback. For years, businesses have argued that the GDPR’s rigidity made Europe a difficult place to innovate. This Omnibus is the direct answer, offering clarity, proportionality, and a path to more effective, measurable digital engagement.
The proposal now faces the ordinary policy process involving scrutiny from member state ministers and the European Parliament. For businesses and advocacy organisations, the coming months represent a moment to prepare, adapt, and shape the future of digital engagement in Europe.
The proposal represents a pragmatic recalibration of priorities, aiming to create a more data-driven and innovative digital single market.
Should this vision prevail, the rules of advocacy in Europe will evolve from a defensive crouch to a proactive stance. The consent model will not vanish, but it will be rationalised, securing Europe’s place, and the industry’s capability, in a world increasingly driven by intelligent technology.
