OpenLobby.EU
Explore

noyb - European Center for Digital Rights

noyb

The Association has a non-profit aim and conducts strategic litigation in the areas of freedom, democracy and consumer protection in the digital sphere with a focus on consumer rights, the fundamental rights to privacy and self-determination, data protection, freedom of expression, freedom of information, human rights and the fundamental right to an effective remedy.

Lobbying Activity

Meeting with Birgit Sippel (Member of the European Parliament)

4 Dec 2025 · 4th Mid Cap Omnibus

Meeting with Lukas Mandl (Member of the European Parliament, Rapporteur)

18 Nov 2025 · GDPR

Meeting with Birgit Sippel (Member of the European Parliament) and International Association of Privacy Professionals

18 Nov 2025 · Digital Omnibus

Response to Digital package – digital omnibus

14 Oct 2025

Experience with the implementation of the digital acquis, its application, enforcement and effectiveness in reaching the respective legislative objectives is still lacking. The Commissions simplification agenda should not lead to rushed proposals without proper consultation, evaluation and impact assessments. Such changes can easily lead to reduction of protection and further legal uncertainty. Simplification must not be designed as a one-way street for business but should be pursued to benefit society as a whole and promote fundamental rights. We focus our comments here on the issue of Article 5 (3) e-privacy directive, on cookie banners: The Digital Omnibus should be used as a window of opportunity to finally implement Article 21(5) GDPR and Recital 66 of ePrivacy Directive and to ensure that the Omnibus includes a crucial simplification for businesses and users. In our work on cookie banners over the last years, it quickly became apparent that a root cause of cookie fatigue is the extensive use of dark patterns by controllers more to be found online under the industry euphemism consent optimization. In short, UI and UX design is used to bother Europeans into clicking accept with any trick in the book, even if depending on the study only 0.16%[1] to 3% of Europeans want to be tracked online. While the public debate largely focuses on cookie banners, in fact most banners collect consent for setting and reading cookies under Article 5(3) ePrivacy, but also other consents under Article 6(1)(a) GDPR for the processing of personal data for other purposes, as well as withdrawal of consent and often even objections to legitimate interests under Article 21 GDPR. To solve the consent fatigue problem, it must therefore be highlighted, that any solution must include consent, withdrawal and objections under Article 5(3), 6(1)(a) and 21 GDPR. Suggested Path Forward Most consent to processing of personal data is automated (e.g. access to microphones, cameras or alike) and therefore uses a neutral interface by the relevant software (e.g. Browser pop-up). Browsers also signal many other preferences (e.g. screen size to get a mobile view, or the language setting to the right language page) automatically in the background. Surprisingly, GDPR and ePrivacy consent requests are done in an old-fashioned analogue way, where thousands of websites ask the exact same question and users have to fill in the same response manually thousands of times. In addition, this process is made unnecessarily complicated by business using dark patterns to confront end-users with non-transparent and confusing cookie banners. Enforcement authorities rarely hold business accountable for such unfair and illegal practices. This is the true reason that lies at the heart of consent fatigue. Article 21(5) GDPR already foresee a legal duty to accept an automated signal for objections. Recital 66 of the ePrivacy Directive 2009/136/EC equally foresee such signals for consent. Also, Article 9 and 10 of Commission Proposal for an ePrivacy Regulation (see file 2017/0003(COD)), foresaw such an obvious approach. Given that such a signal would not create new rights for users, it would be sufficient to have two provisions: First, a legal provision (ideally linked the Article 6(1)(a) of the GDPR, which ePrivacy refers to) that sets the basic rules for such a standard of a signal that would be compatible with EU law should be established. An example of such an approach can be found in the Advanced Data Protection Control (ADPC) project between noyb and the University of Economics in Vienna (WU Wien) at https://www.dataprotectioncontrol.org/adpc-spec/, with a fully function prototype. Secondly, a legal path to ensure that technical specification, which meet the requirements stipulated in the horizontal provision as mentioned above are established in a legally binding way, for example via a European Commission implementing act, mandating an EU harmonise
Read full response

Meeting with Birgit Sippel (Member of the European Parliament)

9 Oct 2025 · Digital Simplification Omnibus

Meeting with Birgit Sippel (Member of the European Parliament)

29 Jan 2025 · GDPR Harmonisation

Meeting with Irena Moozova (Deputy Director-General Justice and Consumers)

29 Jan 2025 · GDPR and data flows

Meeting with Benjamin Boegel (Cabinet of Executive Vice-President Henna Virkkunen)

27 Jan 2025 · Proposal for GDPR Procedural Regulation; EU-US Data Privacy Framework; ePrivacy and cookie banners; Representative Actions Directive

Meeting with Maria Zafra Saura (Cabinet of Commissioner Michael McGrath)

27 Jan 2025 · Proposal for GDPR Procedural Regulation; EU-US Data Privacy Framework; ePrivacy and cookie banners; Representative Actions Directive

Meeting with Markéta Gregorová (Member of the European Parliament, Rapporteur) and Access Now Europe

20 Jan 2025 · GDPR enforcement regulation discussion

Meeting with Markéta Gregorová (Member of the European Parliament, Rapporteur)

18 Oct 2024 · Privacy topics, including GDPR enforcement

Meeting with Kristian Vigenin (Member of the European Parliament, Shadow rapporteur)

16 Oct 2024 · GDPR procedural regulation

Meeting with Markéta Gregorová (Member of the European Parliament, Rapporteur)

10 Sept 2024 · GDPR enforcement: overview of institutions positions

Meeting with Jana Toom (Member of the European Parliament, Shadow rapporteur)

30 Nov 2023 · GDPR enforcement

Response to Further specifying procedural rules relating to the enforcement of the General Data Protection Regulation

24 Mar 2023

noyb strongly supports the initiative launched by the European Commission aimed at strengthening and improving the application and enforcement of the General Data Protection Regulation (GDPR). Please find the attached submission with: - Cover Letter - An Issues List - High-Level Concepts Paper - A Suggestion for a Regulation
Read full response

Meeting with Gwendoline Delbos-Corfield (Member of the European Parliament) and Access Now Europe

16 Sept 2022 · GDPR enforcement