The new information notice exemption: What businesses need to know

Legal news

The EU’s Digital Omnibus initiative aims to reshape GDPR, and one of its most practical changes for organizations is a new exemption from the obligation to provide information notices when collecting personal data. While this may sound technical, the effect is straightforward: reducing administrative burdens while maintaining strong data protection standards.

THE CURRENT LEGAL FRAMEWORK. According to Article 13 GDPR, controllers must provide data subjects with detailed information about how their personal data is processed, including:

  • Identity of the controller;
  • Purposes and legal basis of processing;
  • Retention periods;
  • Data subject rights.

Today, limited exemptions exist. Notably, Article 13, par. 4 GDPR states that controllers are not required to provide information if the data subject already has such information.

THE DIGITAL OMNIBUS REFORM: EXPANDING EXEMPTIONS. DigitalOmnibus seeks to expand this exemption by amending Article 13 GDPR. Under the proposed reform, controllers may be exempt from providing an information notice if:

  • The processing is unlikely to result in high risk (e.g., limited data and simple processing activities);
  • There are reasonable grounds to assume the data subject already possesses the relevant information.

Importantly, this exemption does not affect the data subject’s right to access their data under Article 15 GDPR.

The EDPB–EDPS JOINT OPINION. The European Data Protection Board (“EDPB”) and European Data Protection Supervisor(“EDPS”) have expressed support for the reform, noting that it could reduce unnecessary administrative burdens.

However, they also warn that the new wording of Article 13 GDPR may create legal uncertainty and divergent interpretations across Member States. To mitigate this, clear definitions outlining the scope of the exemption are essential.

Additionally, the EDPB and EDPS emphasize the need for controllers to provide full Article 13 information upon request of the data subject.

POTENTIAL BENEFITS FOR COMPANIES. If adopted, the reform may positively impact on companies. But how?

  • Reducing administrative burden: No need to draft or deliver notices where users already know the essential information;
  • Ensuring Cost-efficient compliance: Fewer internal approvals, less paperwork, and reduced content updates.

CONCLUSION. The Digital Omnibus regulation, if approved, could significantly reform GDPR transparency obligations. Businesses should continue monitoring developments to understand how and when these changes will take effect.

Unknown's avatar

About Jessica Riva

Jessica collaborates with the firm as a junior associate dealing mainly with issues related to companies operating in the health and life sciences sectors. She graduated cum laude in 2022 from the University of Trento with a dissertation entitled “Civil liability related to the organizational deficit of the health care system in dealing with the pandemic emergency: a comparison between Italy and Germany”, besides carring out a period of research in collaboration with the chair of health law at the Ludwig-Maximilians-Universität in Munich. She has worked in relevant law firms of the Italian scenario. Jessica speaks Italian, English, and German.

Leave a comment