Digital Omnibus Proposal Could Finally End Europe’s Cookie Banner Problem
Konrad Kollnig / Jul 14, 2026Have you ever met anyone who thinks cookie banners are a good idea? I haven't. Every day, they remind Europeans that something isn't working in the EU's approach to digital regulation. Yet on June 18, EU member states, negotiating in the European Council, proposed rejecting the European Commission's Digital Omnibus proposal to eliminate them. The Commission's idea is straightforward: give people a browser setting that lets them choose their cookie preferences once, instead of forcing them to click through banners on every website.
Why would various EU member states – reportedly including Germany, France and Poland – scrap the European Commission’s highly promising legislative proposal?
What seems to sway the opinions in the European capitals is fear. Concretely, governments fear that restrictions on cookie pop-ups would further reduce advertising revenues for news and media companies already struggling for funding. This fear, in particular, has been stoked by Google, which warned member states that browser-level consent would cause advertising revenues to collapse in the EU, undermining its sovereignty. After all, by giving users meaningful control of their EU data rights, news and media companies might find it difficult to show users lucrative online ads.
The concern is understandable. Independent news and media are essential pillars of European democracy, and their financial sustainability deserves serious protection. More than three decades after the arrival of the Web, advertising remains a crucial source of revenue for many publishers. Yet much of the digital advertising market has been captured by large US technology companies such as Google and Meta, leaving European media organizations increasingly dependent on platforms that control the rules, infrastructure, and data that underpin online advertising.
These fears are likely reinforced by the fact that the technology – “automated and machine-readable indications of data subject’s choices” in the European Commission’s words – sounds like a complex, difficult beast. Except that it isn’t. And most stakeholders – in private – agreed on that when my research team and my academic colleagues Sebastian Zimmeck, Harshvardhan J. Pandit, Frederik Zuiderveen Borgesius, and Cristiana Teixeira Santos brought participants from industry, civil society and academia together in Brussels for a one-day workshop in May 2026.
My colleagues and I have long worked on what such a technology would look like. California has already proved that it works well, with a technology called the “Global Privacy Control” (GPC). Since 2020, the GPC has allowed users to choose in their web browsers whether they want their data to be sold or shared with third parties that they do not know. Hundreds of thousands of websites already adopt the technology, as is required by California's privacy law. And far from remaining a Californian experiment, honoring the GPC is now a legal requirement in twelve US states and is actively enforced. In October 2025, California went further still: the new Opt Me Out Act will require every web browser to offer such an opt-out signal by January 2027.
Online advertising has not collapsed as a result of the wide adoption of the GPC. Indeed, isn’t it telling that the European Commission drew inspiration from California in putting forward its proposal? Doesn’t Europe think it is leading in making rules for technology and upholding rights in the digital space? Why is it that the very state that is home to the world’s leading tech companies pioneered such a drastic approach to consent and cookie banners? The answer is simple: their intervention was carefully designed (only affecting the sharing and selling of information) and rolled out over time. Unlike in Europe, the technology was supported by leading US media companies like the New York Times and the Washington Post early on because they realized that it would allow them to become more independent of Google, setting the rules for online advertising through its Chrome browser. But now it is Google, the US company with one of the largest population-wide datasets of them all, that argues for EU sovereignty and privacy – and EU governments and media companies buy into it.
There is no doubt that we should do everything to protect the funding of independent media. Yet, from a scientific perspective, there is hardly any evidence to support that advertising revenues would actually drop significantly. In the short-term, as media companies need to adjust, there might be a hit. This can be mitigated by a phased and careful rollout, as was done in California and other US states. In the longer term, the consequences are much less clear. It’s unlikely that companies wishing to show ads would stop paying for that. This is, anyway, what was observed in California.
To make something similar happen in Europe, it’s important to be focused, realistic and phased. Legitimate purposes for data collection, like privacy-preserving website analytics should be exempt from consent — as is already being discussed in the Omnibus, reading and storing data on end-user devices should not be subject to consent — as anything else is technically unrealistic, and automatable consent should at least be made easily possible for high-risk data practices like tracking-based online advertising — as it is in California — across connected devices.
If Europe doesn't act, cookie banners will remain what they have already become in the eyes of many EU citizens: not banners of consent, but of incompetence — daily evidence that their elected representatives struggle to create a safe online environment, let alone take on the far bigger questions in the digital sphere, such as the impacts of AI, social media, and invasive data collection by Google and others.
Authors


