Fixing data privacy consent: the GDPR seven years after

Assessing market failures, regulatory gaps, and paths to reform

Time and location: 15 January 2026 13:00-14:00 Bruegel, Rue de la Charité 33, 4th floor, 1210 Brussels
Format: Public, Hybrid, On the record, Livestreamed
Contact: Anastasiia Zaitseva

Speakers

Paul Nemitz

Visiting Professor of Law, College of Europe

Paul Twomey

Co-Chair, Global Initiative for Digital Empowerment (GIDE)

Agenda

Check-in & coffee

12:30-13:00

Agenda

Discussion

13:00-13:45

Chair: Bertin Martens, Bruegel Senior Fellow
Townsend Feehan, CEO, IAB Europe
Paul Nemitz, Visiting Professor of Law, College of Europe
Paul Richter, Bruegel Affiliate Fellow
Paul Twomey, Co-Chair, Global Initiative for Digital Empowerment (GIDE)

Agenda

Q&A

13:45-14:00

The General Data Protection Regulation (GDPR), the "constitution" of EU data market regulations, sets legal standards for the definition and handling of personal data. Seven years after it entered into force, researchers have accumulated considerable empirical evidence on the economic costs. In particular, data subjects consider data access consent banners, that pop up relentlessly when surfing the web, a nuisance rather than a useful tool. Enforcement of GDPR consent standards is very weak. Private intermediaries exploited this gap to launch tools to facilitate handling banners and nudge users towards agreeing to share their personal data with vendors. The European Commission's Digital Omnibus proposes changes to the GDPR to reduce the cost of consent. This panel discussed market and regulatory failures in GDPR consent procedures and examine a variety of alternative tools available.

Theme: Macroeconomic policy and governance
Keyword: digital economy technology
Language: English