Also available in:
Deutsch (German)
The GDPR (General Data Protection Regulation) is to be simplified following a recent decision by the EU Commission. The so-called “Omnibus Package” contains changes to the GDPR, ePrivacy Directive, Data Act, NIS2, and AI Act. We shouldn’t expect too much, but the following changes are on the agenda: Fewer cookie banners for harmless uses (e.g., pure visitor statistics), clearer rules for AI training with personal data, extension of the reporting deadline for data protection incidents, and a uniform reporting portal for incidents from multiple regulatory frameworks. Officially, the package aims to increase competitiveness, reduce bureaucracy, and improve harmonization.
Even before the package has been adopted, it is already facing criticism: data protection organizations (e.g., noyb, EDRi, consumer protection groups) see parts of the Digital Omnibus as a watering down of the level of protection. This is not entirely unfounded. The initiative seems to be driven less by a genuine desire for simplification and more by an intention to facilitate AI applications. However, nothing has been decided yet. The “Omnibus Package” must now be negotiated and adopted by the European Parliament and Council (trilogue procedure). The first changes could come into force in 2026/2027.
Impact on the adult entertainment industry
In the adult sector, the changes are manageable, but they are still there. In fact, a simplified cookie consent query could make it easier to access a page—and thus attract more visitors. For larger providers, a simplified documentation requirement could reduce bureaucratic effort. The potentially narrower definition of “personal data” would also lead to easier use of artificial intelligence.
Warning risks remain
In Germany in particular, the possibility of expensive warnings was mitigated some time ago, regardless of the GDPR, but it still exists—and the possible revision will do little to change that. Warnings are therefore derived from the GDPR, but also from alleged or actual violations of the Unfair Competition Act (UWG). The “most popular” reasons for warnings (as of December 2025) include:
| Violation (examples) | Typical costs (approx., for a claim value of €5,000–20,000) | Notes |
|---|---|---|
| Missing/incomplete privacy policy | €500–5,000 (legal fees + possible contractual penalty) | Most common case; often “only” omission |
| Incorrect cookie banners or tracking without consent | 1.000–10.000 € | Currently many cases (e.g., after the Google Fonts wave in 2022) |
| Delayed/incomplete information (Art. 15 GDPR) | 2.000–15.000 € | Increasingly warned (Shop Operator Radar 2025) |
| Dynamic Google Fonts integration (old wave) | Up to €100–500 in damages + costs | Many abusive warnings classified as an abuse of rights |
It is therefore always worthwhile to keep an eye on developments in the current legal situation and case law. And to make any necessary changes to your own website in a timely manner—otherwise it could end up being expensive.
