Disclaimer: This article provides general information about the EU Digital Omnibus package and first-party analytics for educational purposes. It does not constitute legal advice. Always consult qualified legal counsel to ensure your specific implementation complies with applicable data protection requirements.
The Digital Omnibus is the European Commission’s simplification initiative to modernize the EU’s digital rulebook and reduce consent fatigue. The framework would enable first-party analytics without consent when specific criteria are met, making it easier for companies to collect and analyze users’ data while protecting their privacy.
This blog post explains what Digital Omnibus includes, how it affects analytics and consent collection, how to make your analytics thrive under the new framework, and why Google Analytics won’t be the best option.
Piwik PRO and Cookie Information provide an integrated solution that combines first-party analytics with intelligent consent management to meet Digital Omnibus requirements. Organizations can also use Piwik PRO’s anonymous tracking to collect complete insights without processing any personal data.
What is Digital Omnibus
The European Commission officially presented the Digital Omnibus package on November 19, 2025, as part of its simplification agenda to streamline GDPR, the AI Act, ePrivacy rules and cybersecurity requirements.
The proposals are entering the EU legislative process, requiring approval from both Parliament and Council. When the text is final, it will enter into force on the third day after publication. However, specific parts of the proposal can have their own transitional periods, ranging from 6 to 48 months.
How Digital Omnibus impacts analytics and consent collection
Digital Omnibus inserts Article 88a into the GDPR, providing clearer guidance on when organizations might process analytics data without a cookie banner or prior consent.
Where consent is no longer required
Digital Omnibus clarifies that first-party analytics for the controller’s own purposes can operate without consent when the following technical and legal criteria are met:
- First-party processing: The website operator controls analytics data exclusively. The platform processes data as a service provider without accessing it for its own purposes and acts on the controller’s behalf.
- No third-party data sharing: Analytics data remains with the controller and the analytics provider and is not shared with other parties, such as advertisers or marketing platforms.
- Statistical purposes only: Analytics data must be processed solely for the controller’s own web statistics and site optimization purposes, not for marketing activation or cross-site tracking.
- Transparent opt-out available: Users can easily opt out of analytics processing, with opt-out options clearly explained in privacy policies.
- Limited data retention: Analytics data is retained only as long as necessary for statistical purposes.
Organizations can process first-party analytics without consent for:
- Basic web statistics, such as page views, navigation patterns, traffic volumes, session duration, referral sources and campaign tracking.
- Website optimization, including user flows, site speed, technical issues, content performance and engagement.
- Aggregate reporting without individual user tracking for marketing purposes.
These data collection purposes are very useful to companies and can be effectively applied to many marketing activities.
Where consent is still necessary
Digital Omnibus maintains consent requirements for:
- Marketing and behavioral targeting, including building user profiles and segments for advertising, retargeting and lookalike audiences.
- Content personalization or product recommendations based on an individual user’s behavior.
- Sharing analytics data with third parties – for example, integrating it with advertising platforms.
- Cross-device or cross-site tracking for marketing purposes.
As a result, routine web statistics don’t require consent, which makes them more accessible, while activities with a greater privacy impact maintain appropriate controls.
Why Google Analytics doesn’t meet these requirements
Google Analytics 4 doesn’t qualify for the first-party analytics exemption under the Digital Omnibus criteria for a few reasons:
- Shared infrastructure: Google processes analytics data on infrastructure shared across millions of websites, not dedicated instances per customer.
- Google’s use of data: When users visit your website, their data is processed not only by you but also by Google as a third-party. Google’s terms allow them to use aggregated analytics data for improving their own products and services, which violates the “solely for the controller’s own use” aspect.
- Advertising ecosystem integration: GA4 is designed to integrate with Google Ads, enabling data sharing between analytics and advertising platforms.
- Cross-customer data relationships: Google can correlate user behavior across multiple properties using shared identifiers, creating third-party data relationships.
To use analytics compliantly without consent, you need platforms with a first-party architecture that keep your data exclusively yours and don’t share it with other parties or reuse it for their own purposes.
How Piwik PRO and Cookie Information deliver compliant first-party analytics
Implementing Digital Omnibus compliance requires both the right technical architecture and proper consent management. Piwik PRO and Cookie Information provide an integrated, privacy-first analytics solution purpose-built for this framework.
First-party analytics architecture
Piwik PRO is fundamentally designed to meet Digital Omnibus criteria for first-party analytics:
- Complete data ownership: You own 100% of your analytics data. Piwik PRO doesn’t access or use your data for its own purposes.
- Full control over hosting: Choose whether to store your analytics data in a public or private cloud, and select its location from a range of options, including EU-operated servers.
- No third-party data sharing: Piwik PRO doesn’t send data to advertising networks, doesn’t sell data to other parties or enable data sharing beyond what you configure.
- First-party data collection: Data is collected directly between your website and your Piwik PRO instance, without involving third-party cookies or external trackers.
- Clear functional separation: Analytics features are distinct from our Data Activation capabilities. Keep activation behind consent while not collecting it for basic analytics.
This architecture means Piwik PRO qualifies as processing “solely for the controller’s own use”, which is the foundation for first-party analytics without consent under Digital Omnibus.
Anonymous tracking for maximum privacy by design
Piwik PRO’s anonymous tracking offers a powerful solution for organizations wanting to collect useful analytics without processing any personal data. The key advantage is that GDPR consent requirements don’t apply to anonymous data, allowing you to derive actionable insights for strategic decision-making while maximizing user privacy.
You can choose from three anonymous tracking methods:
- With cookies and session data – offering the most accurate insights while binding events into 30-minute sessions.
- With session hash but without cookies – ideal for strict cookie laws like Germany’s TTDSG.
- Without cookies or session data – the most privacy-protective option that still tracks page views, goals and traffic sources.
Here are some key use cases for anonymous data:
- Content optimization – Identify your top-performing content, channels, and formats by tracking page views, engagement patterns and traffic sources.
- Campaign performance and attribution – Measure which marketing campaigns drive the most qualified traffic and conversions across all channels.
- User experience and conversion optimization – Run A/B tests and identify friction points to optimize your entire user journey from landing page to conversion.
For example, Hopkins agency used Piwik PRO’s anonymous tracking to uncover their B2B client’s complete traffic data and accurate channel attribution that Google Analytics 4 missed due to low consent rates. This allowed them to operate on reliable data and ultimately make confident marketing decisions.
Consent management with Cookie Information CMP
Cookie Information’s Consent Management Platform provides the technical enforcement that makes Digital Omnibus compliance possible:
- Automatic distinction: The platform distinguishes which tools require consent (such as marketing or personalization) from those that don’t (such as web analytics).
- Built-in opt-outs: For analytics running under legitimate interest, users get clear, accessible options to opt out.
- Granular consent: There are separate controls for different processing purposes: analytics, marketing, personalization or social media. Users understand exactly what they’re consenting to.
- Transparent disclosure: Privacy information is presented in clear, understandable language, not legal jargon.
- Compliance documentation: Automatic audit trails for legitimate interest, opt-outs, consent decisions and preference changes.
Piwik PRO and Cookie Information’s integrated capabilities
By combining Piwik PRO’s privacy-first analytics features with Cookie Information’s consent management, you can streamline how these functionalities work together. This lets you unify privacy controls and easily manage user consent preferences and opt-outs in one place.
The technical setup automatically enforces Digital Omnibus boundaries, so you don’t need to manually configure what runs under legitimate interest versus consent. For example, when users haven’t consented to marketing, those capabilities remain inactive.
How this works from the user’s perspective
Basic browsing
User lands on your website → No consent banner appears → Piwik PRO collects web statistics without requiring consent → Opt-out available in privacy settings → No marketing features active
Personalized features
User triggers personalization → Cookie Information CMP presents consent options → User decides → If consented: features activate → If declined: basic experience continues → Analytics still runs without requiring consent
Returning user
Previous opt-out → No tracking → Previous consent → Personalized experience → No prior interaction → Analytics without consent with opt-out available
Not a Piwik PRO user yet?
Sign up for a free trial to experience the benefits of first-party analytics, anonymous tracking and integrated consent management.
Next steps: Preparing for Digital Omnibus
As Digital Omnibus progresses, monitor legislative developments and implementation timelines to adopt appropriate technical measures. These are the steps you can already take today:
Evaluate your current setup
Does your analytics platform meet “controller’s own use” criteria? If you’re using Google Analytics or similar third-party platforms, consider transitioning to first-party analytics.
Consider anonymous tracking
Many organizations discover that it provides all the insights needed for site optimization while maximizing privacy and simplifying compliance.
Review your consent implementation
Are you requiring consent for basic analytics that could operate without it? This creates unnecessary data quality issues.
Test Piwik PRO
Sign up for a free trial of Piwik PRO’s Business plan and run it alongside your current analytics platform. Compare data completeness, test anonymous tracking and decide whether to transition fully or use it to complement your existing setup.
The regulatory landscape is evolving to recognize proportionate privacy protections. Organizations that prepare now will be positioned to implement compliant, high-quality analytics when Digital Omnibus takes effect.
Ready to implement first-party analytics and balance privacy compliance with valuable insights?
Explore our flexible privacy options and complete data ownership by signing up for a free trial. If you have more questions, our team can help evaluate whether anonymous tracking, legitimate interest or strict consent approaches best fit your requirements.
Frequently Asked Questions
When will Digital Omnibus take effect?
The European Commission presented the Digital Omnibus proposals on November 19, 2025. The package now enters the EU legislative process. When the text is final, it will enter into force on the third day after publication. However, specific parts of the proposal can have their own transitional periods, ranging from 6 to 48 months. We will keep you updated on the progress.
Do I need consent for first-party analytics?
No, when analytics meet “controller’s own use” criteria, you can operate without prior consent.
Does this apply to Google Analytics?
No. Google Analytics involves third-party processing and doesn’t meet the “solely for the controller’s own use” standard.
What’s the difference between legitimate interest and anonymous tracking?
Legitimate interest tracks users with minimal personal data but requires opt-outs. Anonymous tracking collects no personal data, eliminating GDPR requirements entirely.
Can I still use personalization and marketing features?
Yes, personalization and marketing purposes require consent under the Digital Omnibus. The change is that basic web statistics can run without consent when specific legal and technical requirements are met, while marketing operates behind consent.
How do I prove my analytics meets the criteria?
Use platforms with dedicated instances, ensure the vendor has no access to your data, collect data for statistical purposes only and implement transparent opt-outs. Piwik PRO’s architecture helps you meet the necessary requirements.
