GDPR
Digital Omnibus Report: noyb Analysis & EDPB Opinion
By Steven | TrustYourWebsite2 min read
Source: noyb.eu
What is happening?
According to noyb, the European privacy rights organisation published version 3 of its Digital Omnibus analysis report on 24 February 2026. This updated report adds commentary on a joint opinion issued by the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) on the data-related parts of the Digital Omnibus proposal. That joint opinion was published on 11 February 2026, according to noyb.
The Digital Omnibus is a proposal from the European Commission that would, reportedly, make changes to existing EU data protection rules. The noyb report is an independent analysis, not an official regulatory ruling or enforcement decision.
What is noyb saying?
According to noyb, its report compares existing law with what the Commission has proposed, and looks at potential consequences for individuals, businesses and data protection authorities. The organisation has been building on this analysis over time, with earlier versions covering detailed legal findings and recommendations, and this third version now incorporating the EDPB and EDPS joint opinion.
It is worth noting that noyb is a privacy advocacy organisation, not a regulator. This analysis reflects noyb's own reading of the proposal. The Digital Omnibus proposal itself has not yet been adopted or rejected, and no fines or enforcement actions are connected to this report.
Why does this matter?
The Digital Omnibus proposal is still moving through EU institutions. If it eventually becomes law, it could affect how data protection rules apply to businesses across Europe, including in the UK where businesses trade with EU customers or use EU-based tools. For now, UK GDPR and the Data Protection Act 2018 remain the rules you need to follow, and the ICO remains your relevant authority.
If you want to make sure your current data practices are in order while these EU discussions continue, our GDPR compliance checklist and privacy policy requirements guide are good places to start.
You can read the full noyb report at noyb.eu.
What does this mean for your website?
The Digital Omnibus is an EU proposal that has not yet become law, so nothing about your current legal obligations has changed. You still need to follow UK GDPR and the Data Protection Act 2018, and your privacy policy and cookie practices should already meet those standards. If you are unsure whether your website is compliant today, our guide on GDPR and small businesses explains what is expected of you in plain terms.
Check your website now
Free website scan covering GDPR, copyright, accessibility, security, and more.
Start free checkRelated articles
GDPR
GDPR Access Requests: 83.5% Failed, Says noyb
noyb analysis of 121 access requests filed since 2018 found that 83.5% were not answered in line with the law, with only 16.5% receiving a satisfactory reply.
2 min read
GDPR
Dutch AP Warns: Orgs Fail to Limit Data Breach Impact
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) published a position paper stating that many organisations fail to take measures to limit the impact of data breaches, ahead of a…
2 min read
CookiesGDPR
ICO's New Cookie Rules: What UK Website Owners Need to Do
The ICO has published its final guidance on cookies and tracking tech. Here's what changed under the new rules and what your UK website needs to check now.
5 min read