The recent proposal for the Digital Omnibus Regulation provides for numerous changes to the EU digital rulebook, including a review of the rules on cookies and other tracking devices.
Of particular interest is the extension of the cases in which these tools can be used without the need to obtain the user's prior consent.
This possibility will also apply to the measurement of online service audiences, when the creation of aggregated information on the use of a service is carried out by the owner of the service and exclusively for their own purposes. Another scenario envisaged is the use of cookies to maintain or restore the security of a service at the user's request.
More precise rules on consent are also introduced, most of which are already codified in the practices of both the European Committee and the Data Protection Authority (as is also the case for the said use of analytics without consent). These include limits on the resubmission of consent requests. In the event of rejection, for example, a new request for the same purpose may only be made after at least six months.
Of great impact are the obligations for website operators to ensure that online interfaces allow users to give or refuse consent by automated means that can be read by an automatic device, by adjusting their browser settings. This measure is complemented by the related obligation for browser providers - other than SMEs - to make the necessary technical means available for this purpose.
