This week at a glance
• Per sources cited by Euractiv, the Council has removed a proposed exemption that would have allowed contextual ad measurement without user consent
• The AI Omnibus side is now in adoption mode: a consolidated text is circulating and analysts expect formal adoption with only minor changes
• The European Commission refreshed its Data Union Strategy page, a reminder that the wider Digital Package is moving on multiple tracks
Council shifts on contextual ads
A potentially significant change appeared in the Council’s latest compromise text on the Digital Legislation Omnibus, circulated around May 21. As Euractiv reports, sources familiar with the document say the Council has dropped a previously proposed carve-out for measuring contextual advertising without consent.
For context, contextual advertising shows ads based on the content of the page someone is viewing, not on tracking the user across sites. The earlier proposal would have treated measurement of those ads as low-risk enough to skip the consent layer. The Council has now pulled that exemption back. Official documentation is still pending, so the change is being read off compromise text rather than a public announcement.
If the deletion holds through trilogue, the current consent baseline for ad measurement stays in place, and one of the more business-friendly elements industry had hoped to see in the Digital Legislation Omnibus disappears.
“The consent framework should reward lower-risk practice. Contextual advertising doesn’t track users across sites, and treating its measurement as requiring consent regardless puts it in the same category as behavioural profiling. That’s not risk-based regulation. It’s uniform regulation. If the deletion holds, the Omnibus delivers structural tidying without the substantive reform the framework actually needed.”
Giulia Stancampiano, Director of Legal (Privacy & Tech), iubenda
The AI Omnibus moves into adoption mode
On the AI side, the file is shifting from negotiation to implementation. Bird & Bird put out a consolidated version of the AI Act with the provisionally agreed Omnibus amendments woven into the text. Practically, compliance, legal, and product teams now have one working document, instead of toggling between the AI Act and a separate amending instrument.
The mood is similar in Stephenson Harwood’s May newsletter, which reads the COREPER-approved text as likely to pass formal adoption with only minor changes. The same piece flags the EDPS pilot AI regulatory sandbox and broader European-UK coordination as practical parts of AI readiness, not side issues.
Also this week
The European Commission refreshed its Data Union Strategy page on May 20, restating three pillars: improving data access for AI, simplifying the EU data rulebook, and protecting EU data sovereignty in international flows. It’s a useful reminder that the AI Omnibus is one strand of a wider effort. Expect related changes in data access, contracts, and cloud governance over time.
We also published our own analysis on browser-level consent signals under proposed Article 88b GDPR. If adopted, that mechanism could turn CMPs into the infrastructure that receives and applies machine-readable user preferences across the web. Privacy and product teams should already be thinking about interoperability and signal hierarchies.
For a practical readout aimed at AI governance teams, Pandectes’ May 20 post walks through content-marking timelines, the stricter conditions on using special-category data for bias detection, and the expanded AI Office role over GPAI-based systems.
“Browser-level signals are the wrong instrument if the goal is meaningful consent. They concentrate infrastructure in browser vendors outside European regulatory reach, they can’t carry the specificity GDPR requires, and they don’t fix the storage problem that actually drives consent fatigue. If the mechanism advances, the question that needs an answer before implementation is signal hierarchy: when a browser preference conflicts with a direct on-site choice, which one legally governs? The current text doesn’t resolve it, and as with much of Art. 88b, the answer appears to be: standards will figure it out.”
Giulia Stancampiano, Director of Legal (Privacy & Tech), iubenda
Worth watching
- Formal adoption of the AI Omnibus. With a consolidated text circulating, the path to OJEU publication is opening. Watch for Parliament and Council to sign off before the August 2, 2026 cliff.
- The Digital Legislation Omnibus. With the contextual ads carve-out now reportedly off the table, attention will turn to other contested points: pseudonymization scope, legitimate interest for AI processing, and the proposed Article 88b cookie mechanism.
- Browser-level consent signals. The Article 88b proposal could meaningfully shift the role of CMPs. Worth getting ahead of the design questions now.