Digital Omnibus and Digital Health: Simplifying Regulation Without Weakening Data Protection

DPO Consulting
This is some text inside of a div block.
3
May 28, 2026

Table of contents

Example H2

Introduction

Faced with the growing complexity of the European digital regulatory framework, the European Commission introduced a major initiative in November 2025: the “Digital Omnibus”. This draft regulation aims to make rules clearer and reduce the administrative burden placed on economic actors, particularly in highly regulated sectors such as healthcare.

While this simplification effort responds to real expectations, it also raises significant concerns. The proposed changes could profoundly transform the management of health data and redefine the balance between technological innovation and the protection of individuals’ rights.

Why the Digital Omnibus Seeks to Simplify the European Digital Framework

The Need for Clarity in an Increasingly Complex Regulatory Landscape

Over the years, the European Union has built a particularly comprehensive legal framework governing digital activities. Between the GDPR, artificial intelligence regulations, cybersecurity requirements, and data governance rules, legislation has multiplied, sometimes creating overlaps and interpretation difficulties.

In this context, the Omnibus project is part of a broader simplification strategy. The objective is to reduce inconsistencies, harmonize practices, and facilitate compliance for organizations. For businesses and public institutions alike, the aim is to improve clarity and efficiency while strengthening Europe’s competitiveness on the international stage.

The healthcare sector is particularly affected by this initiative due to the growing importance of digital technologies in care delivery, research, and data management.

Health Data and the Digital Omnibus: What Regulatory Changes Are Expected?

A More Flexible Approach to Pseudonymized Data

One of the most sensitive aspects of the project concerns the very definition of personal data. The Digital Omnibus proposes introducing a more flexible approach, particularly regarding pseudonymized data, which could in some cases fall outside the scope of the GDPR.

This evolution would have a direct impact on many healthcare uses. It could notably facilitate access to data for scientific research, the development of artificial intelligence solutions, and innovation in the medical device sector.

Legitimate Interest and New Data Uses

In addition, the text seeks to clarify the conditions for using data in projects based on legitimate interest, including sensitive data. This direction aims to encourage the adoption of advanced technologies while maintaining a secure legal framework.

However, these changes raise essential questions: how far can regulations be relaxed without compromising the protection of individuals?

What Impact Could the Digital Omnibus Have on Digital Health in France?

A Potential Challenge to Existing Regulatory Balances

In France, the impact of these developments could be particularly significant. The French system relies on a structured regulatory framework, including specific mechanisms designed to govern the use of health data and ensure its security.

Any modification to the concept of personal data could disrupt existing balances and require updates to national frameworks. Healthcare stakeholders, whether public or private, may therefore need to review their practices to align with the new European rules.

A Direct Connection With the European Health Data Space

This transformation is taking place alongside the implementation of the European Health Data Space, which aims to facilitate the sharing and valorization of data across the European Union. In this context, decisions made at the European level will directly impact national strategies.

Innovation, GDPR, and Data Protection: Ongoing Tensions

Concerns Raised by Authorities and Specialized Organizations

Despite its objectives, the Digital Omnibus project is far from unanimously supported. Several supervisory authorities and specialized organizations have expressed concerns regarding the potential consequences of certain measures.

The redefinition of personal data, in particular, is viewed as a major point of tension. Some fear it could weaken the level of protection guaranteed by the GDPR and create greater legal uncertainty.

The Risk of Imbalance Between Innovation and Fundamental Rights

Other criticisms highlight the risk of creating an imbalance in favor of economic actors at the expense of individuals’ rights. In a field as sensitive as healthcare, trust remains essential, meaning any regulatory evolution must be carefully supervised.

Finally, Member States themselves may adopt divergent positions, particularly when European proposals conflict with already established national frameworks. These differences illustrate the difficulty of aligning interests across the European Union.

Conclusion: Towards a New European Balance for Health Data

The Digital Omnibus represents an ambitious initiative to streamline digital regulation in Europe and support innovation. In the healthcare sector, its effects could be particularly transformative by facilitating data use and the development of new technologies.

However, this simplification effort cannot come without caution. The challenge lies in finding the right balance between regulatory efficiency, economic dynamism, and the protection of fundamental rights.

Upcoming discussions between European institutions and Member States will be decisive in determining the actual scope of this reform. Ultimately, the objective is clear: to build a framework that fosters healthcare innovation while maintaining a high level of trust among citizens.

At DPO Consulting, we support organizations in the healthcare sector with their data protection challenges: discover our services

Read this next

See all

Synthetic Data and GDPR: A Credible Alternative to Personal Data or a New Re-identification Risk?

Driven by the rise of artificial intelligence and increasing GDPR constraints, synthetic data is progressively emerging as a solution often presented as “privacy by design.”

Read more

Outsourced DPO: Why Outsourcing Your DPO Is the Best GDPR Strategy in 2026

Outsource your Data Protection Officer with a GDPR expert firm. Discover the benefits of an outsourced DPO: compliance, cost control, expertise, independence, and long-term support.

Read more

Personal Data Breaches: Understanding the Rise in Incidents and Managing CNIL Notification Requirements

In recent times, hardly a week goes by without the media reporting that an organization has suffered a cyberattack leading to a data breach.

Read more
Stay up to date on all the latest data privacy and GDPR compliance news.
Your email address will be used to send you our newsletter as well as information concerning the activity and news of DPO Consulting. You can unsubscribe at any time by clicking on the unsubscribe link in the emails. To find out more about your rights, see our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
About us
Our expertise
myDPO
Contact us
contact@dpo-consulting.com
+33 (0)1 55 06 16 86
50, Avenue des Champs-Elysées, 75008, Paris, France
Outsourced DPOInternational DPODPO AssistanceEU RepresentativeUK RepresentativeData privacy training
Clinical Trial ComplianceGDPR Compliance auditPrivacy Impact Assessments (PIA)Digital transformationMulti regulatory complianceUK GDPR, UK DPA, & DUAA
Cybersecurity Compliance
CISO as a serviceCybersecurity maturity assessmentProject support
AI Act Compliance
AI Maturity assessmentAI Act training
DPO Consulting © 2026 All Rights Reserved |
Terms of Use
|
Privacy Policy
|
Cookie Policy
|
Legal Notice
Let’s create an experience as remarkable as your business
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Main pages
CMS Pages
Utility
Templates
hi@byq.studio
@byqstudio
+1 600 600 000