EU AI omnibus = e-Privacy Tech architecture total “Reshuffling”
18 May 2026
After EU Council May 7, 2026 initial validation of the EU digital omnibus, ID side team wanted to zoom back on what EDPB said 3 months ago about article 88B GDPR "in the pipe".
Indeed, one of the most significant changes , yet often overlooked, in the EU Digital Omnibus, apart from AI strategic provisions, tackleS e-Privacy rules and online consent Tech architectures.
First, Article 88b GDPR IS NOT A MINOR TWEAK: on the contrary, it’s a fundamental shift in how we manage terminal equipment and digital infrastructure.
Second, reading pages 32-33 of EDPB-EDPS joint opinion on the omnibus, it appears that every DPO needs to prep for internal startegic mapping today:
1. The reshuffling of rules on accessing/storing information in terminal equipment (cookies, pixels, SDKs) is essential. NB: The EDPB "endorses" the goal to solve “consent fatigue” and the “proliferation of cookie banners” while inviting to be more specific on technical implementations.
2. The Opinion clearly states the proposed changes will require redesigning digital infrastructures. Meaning: Your current consent management platforms (CMPs), data layers, and tracking architectures will need a fundamental overhaul. This isn’t a policy update: it’s a substantial technical rebuild to get prepared for.
3. Crucially, the EDPB and EDPS “strongly support” the aim of this reform and specifically welcome entrusting oversight to GDPR supervisory authorities -ensuring consistency but also enforcement. So, on this basis and at this stage of trilogue discussions, Tech architectural redeesign will likely count among DPO 2026 H2 top priorities.
4. The Opinion highlights a critical risk: separating rules over different legal instruments may lead to legal uncertainty. For DPOs, this is a call to action: prepare for the integration of these ePrivacy changes into our Personal Data Management Program immediately!
Next steps?
- Not waiting for the final text
- Mapping terminal-based data flows
- Auditing “legitimate interest” claims for storage/access
- Starting scenario-planning for a post-cookie-banner world (ID side consulting can help).
The ePrivacy reshuffling is a Privacy Engineering path for DPOs to help setting, and ID side stands ready to support your need and get ready in 2026.
Indeed, one of the most significant changes , yet often overlooked, in the EU Digital Omnibus, apart from AI strategic provisions, tackleS e-Privacy rules and online consent Tech architectures.
First, Article 88b GDPR IS NOT A MINOR TWEAK: on the contrary, it’s a fundamental shift in how we manage terminal equipment and digital infrastructure.
Second, reading pages 32-33 of EDPB-EDPS joint opinion on the omnibus, it appears that every DPO needs to prep for internal startegic mapping today:
1. The reshuffling of rules on accessing/storing information in terminal equipment (cookies, pixels, SDKs) is essential. NB: The EDPB "endorses" the goal to solve “consent fatigue” and the “proliferation of cookie banners” while inviting to be more specific on technical implementations.
2. The Opinion clearly states the proposed changes will require redesigning digital infrastructures. Meaning: Your current consent management platforms (CMPs), data layers, and tracking architectures will need a fundamental overhaul. This isn’t a policy update: it’s a substantial technical rebuild to get prepared for.
3. Crucially, the EDPB and EDPS “strongly support” the aim of this reform and specifically welcome entrusting oversight to GDPR supervisory authorities -ensuring consistency but also enforcement. So, on this basis and at this stage of trilogue discussions, Tech architectural redeesign will likely count among DPO 2026 H2 top priorities.
4. The Opinion highlights a critical risk: separating rules over different legal instruments may lead to legal uncertainty. For DPOs, this is a call to action: prepare for the integration of these ePrivacy changes into our Personal Data Management Program immediately!
Next steps?
- Not waiting for the final text
- Mapping terminal-based data flows
- Auditing “legitimate interest” claims for storage/access
- Starting scenario-planning for a post-cookie-banner world (ID side consulting can help).
The ePrivacy reshuffling is a Privacy Engineering path for DPOs to help setting, and ID side stands ready to support your need and get ready in 2026.